Students Placed Ransomware as a ‘Fun’ Project in the PyPI Repository

A student was bored. It is hard to say why, but out of that boredom the schoolchild created three ransomware packages named requesys, requesrs and requesr, and uploaded all three to the PyPI repository as encryptors. The uploaded packages were typosquats of a legitimate, widely used Python library, and one of them was downloaded hundreds of times.

PyPI Repository

Earlier, 10 malicious packages were deleted from the PyPI repository; they could steal developers' passwords, API tokens and other important data. Incidents of this kind are seen every day. If they are detected in time, people can be spared a great loss; otherwise, the matter can become serious.

According to Sonatype's experts, who continually hunt for different types of malware, anyone who uses these packages can become a victim of ransomware, one of the world's most dangerous kinds of malware. Once ransomware claims a computer as its victim, it first locks all the data on that computer and then forces its users to pay a heavy ransom.

In more detail: one of the three packages the schoolboy uploaded to the PyPI repository was requesys, which was downloaded 258 times. It was aimed mainly at Windows, and on any computer where it was used it automatically started encrypting data.

Versions 1.0-1.4 included both the encryption code and the decryption code in plain text. In addition, version 1.5 showed a base64-encoded executable file that apparently didn't exist, which is probably why its analysis became a bit more difficult than the others.

The malware was also fairly clever: to make itself more robust it used the Fernet module, taken from the cryptography library, which is what allowed it to perform symmetric-key encryption. The malware may have used the Fernet module so that it could encrypt the data randomly, and notably, victims used the same module to decrypt their data.

About the author

Christopher Edwards

Hey, this is Chris. I am a malware researcher and security analyst. I love to find out about new threats and viruses, and I started this website to teach people how to stay safe online. You will get all the latest malware removal tips and tricks here. You can also ask about any virus-related problem in the comment section or through our contact page.