A malicious package named sympy-dev was discovered on PyPI, impersonating the legitimate SymPy mathematics library. Downloaded over 1,100 times since January 17, 2026, the package deploys XMRig cryptocurrency miners on Linux systems. The attack uses in-memory execution via memfd_create to avoid disk artifacts, triggering only
Sort: