A malicious PyPI package named sympy-dev impersonated the legitimate SymPy mathematics library, accumulating over 1,000 downloads in its first day. The package injected cryptomining malware into polynomial code paths; the malware downloaded and executed XMRig miners in memory, using Linux memfd_create to avoid disk artifacts. The attack
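A defender-side check for the in-memory execution described above, as an added example that is not from the original article: it flags Linux processes whose /proc/<pid>/exe link points at a memfd-backed file. The function names and the proc_root parameter are assumptions made for illustration; legitimate software (runc, for instance) also executes from a memfd, so hits need triage.

```python
import os
import re

# For a process executed from a memfd, the kernel reports the exe link
# target as "/memfd:<name> (deleted)".
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")


def classify_exe_link(target):
    """Return the memfd name if target is memfd-backed, else None."""
    m = MEMFD_RE.match(target)
    return m.group("name") if m else None


def scan_proc(proc_root="/proc"):
    """List (pid, memfd_name, cmdline) for processes running from a memfd."""
    hits = []
    try:
        entries = os.listdir(proc_root)
    except OSError:
        return hits  # no procfs available (non-Linux host)
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        name = classify_exe_link(target)
        if name is None:
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                raw = fh.read()
        except OSError:
            raw = b""
        # cmdline arguments are NUL-separated; join them for display
        cmdline = raw.replace(b"\0", b" ").decode("utf-8", "replace").strip()
        hits.append((int(entry), name, cmdline))
    return sorted(hits)


if __name__ == "__main__":
    for pid, name, cmdline in scan_proc():
        print(f"pid={pid} memfd={name!r} cmdline={cmdline!r}")
```

Run it as root to cover every process; an empty memfd name or a cmdline that does not match the process's real purpose is worth a closer look.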