PyPI Package ‘secretslib’ Drops Fileless Linux Malware to Mine Monero

The curious case of 'secretslib'—a fileless cryptominer

Sonatype has identified a 'secretslib' PyPI package that describes itself as "secrets matching and verification made easy." On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.

Further, the threat actor publishing the malicious package used the identity and contact information of a real national laboratory software engineer working for a U.S. Department of …

fileless linux linux malware malware monero package pypi pypi package