A simple typo when using pip can install a malicious PyPI package that hides cryptomining code, and security researchers have uncovered dozens of such deceptive packages, highlighting the supply‑chain risks of Python's package ecosystem and offering practical mitigation steps.
This article analyzes the recent surge of Redis unauthenticated attacks that install a worm, use pnscan for lateral scanning, modify system settings, and launch cryptocurrency mining, while providing detailed script breakdowns and remediation steps.
A production server running Tomcat, MySQL, MongoDB and ActiveMQ was taken down by a malicious cron job that executed a cryptomining script, and the article walks through the investigation, removal, and hardening steps to fully recover and secure the system.
F5 Networks researchers uncovered the PyCryptoMiner Linux botnet, which exploits exposed SSH ports, uses Python scripts and Pastebin for C&C, leverages CVE‑2017‑12149, and has mined roughly $46,000 worth of Monero by compromising vulnerable servers.
