Malicious Package

Affecting mybiubiubiu package, versions [0,]

high severity

Overview

12 Python libraries were identified as malicious packages. The smplejson, pkgutil, timeit, diango, djago, dajngo and mybiubiubiu packages were involved in typo-squatting attacks. These packages performed a ping back to a server indicating that the package was installed.

On October 13th, 2018, all of these packages were removed from PyPI.

Remediation

Avoid usage of this package altogether.
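
One way to check a project for these names, as an added example that is not Snyk's or PyPI's own code: it parses requirements.txt-style text, normalises names as PEP 503 does, and flags any name listed in this advisory. It also goes beyond the advisory list by flagging names one edit away from an intended dependency, which is the case for diango, djago, dajngo (django) and smplejson (simplejson). The `EXPECTED` set and the `SAMPLE` input are assumptions constructed for illustration.

```python
import re

# Package names listed in this advisory.
ADVISORY_NAMES = {"smplejson", "pkgutil", "timeit", "diango", "djago",
                  "dajngo", "mybiubiubiu"}
# Assumption: the projects this code base actually intends to depend on.
EXPECTED = {"django", "simplejson", "requests"}

def normalize(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_names(text):
    """Yield normalised project names from requirements.txt-style text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Skip blanks, pip options (-r, --index-url) and direct URLs.
        if not line or line.startswith("-") or "://" in line:
            continue
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            yield normalize(match.group(0))

def osa_distance(a, b):
    """Edit distance counting an adjacent transposition as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def audit(text):
    """Map each suspicious requirement name to the reason it was flagged."""
    findings = {}
    for name in requirement_names(text):
        if name in ADVISORY_NAMES:
            findings[name] = "listed in advisory"
        elif name not in EXPECTED:
            near = [e for e in sorted(EXPECTED) if osa_distance(name, e) == 1]
            if near:
                findings[name] = "one edit from " + near[0]
    return findings

# Constructed sample input, not taken from a real project.
SAMPLE = "-r base.txt\nDjango==2.1.2\ndjago>=1.0  # typo\nMybiubiubiu\nrequsets[security]==2.20.0\n"
```

Calling `audit(SAMPLE)` reports `djago` and `mybiubiubiu` as listed in the advisory and `requsets` as one edit from `requests`.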

Credit: Bertus
CWE: CWE-506
Snyk ID: SNYK-PYTHON-MYBIUBIUBIU-72532
Disclosed: 13 Oct, 2018
Published: 28 Oct, 2018