Hundreds of npm and PyPI Packages Found Dropping Linux Cryptominers
Researchers found 241 malicious packages infiltrating PyPI and npm open-source registries. The packages deploy cryptominers after infecting Linux systems. A majority of these packages are typosquats of widely used libraries, and each one of them downloads a Bash script on Linux systems that runs cryptominers.