Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

A new supply chain attack targeting the Python ecosystem has been uncovered, where a malicious package on the Python Package Index (PyPI) impersonates the widely-used SymPy library to deploy cryptocurrency mining malware on Linux hosts. The package, named sympy-dev, was first published on January 17, 2026, and has already been downloaded over 1,100 times, suggesting some developers may have unknowingly installed the malware.

The malicious package meticulously copies the legitimate SymPy project description verbatim, presenting itself as a "development version" of the library to deceive users. This social engineering tactic is a common method for distributing malware through trusted package repositories, exploiting the trust developers place in open-source ecosystems.

Attack Mechanism: Memory-Resident Cryptocurrency Mining

According to security researchers at Socket, the package modifies legitimate SymPy functions to act as a downloader for an XMRig cryptocurrency miner. The malware is designed to trigger only when specific polynomial routines are called, a stealth technique that helps it avoid detection during routine testing or casual use.

Security researcher Kirill Boychenko explained the technical details: "When invoked, the backdoored functions retrieve a remote JSON configuration, download a threat actor-controlled ELF payload, and then execute it from an anonymous memory-backed file descriptor using Linux memfd_create and /proc/self/fd, which reduces on-disk artifacts."

This memory-resident approach is particularly concerning because it leaves minimal forensic evidence on the compromised system. The technique has been previously observed in cryptojacking campaigns orchestrated by threat groups like FritzFrog and Mimo.

Technical Breakdown of the Payload

The attack follows a multi-stage process:

1. Initial Infection: A developer installs sympy-dev from PyPI, believing it to be a legitimate development version of SymPy.
2. Trigger Mechanism: When specific mathematical functions (particularly polynomial routines) are called, the malicious code activates.
3. Configuration Retrieval: The malware fetches a remote JSON configuration from the threat actor's command-and-control server at 63.250.56[.]54.
4. Payload Download: An ELF binary (Linux executable) is downloaded from the same IP address.
5. Memory Execution: The binary is executed directly in memory using memfd_create, avoiding disk writes and making detection by traditional antivirus software difficult.
6. Cryptocurrency Mining: The XMRig miner is deployed with a configuration that enables CPU mining, disables GPU backends, and connects to Stratum over TLS endpoints on port 3333.

Broader Implications and Security Concerns

While this specific campaign focuses on cryptocurrency mining, the researchers emphasize that the Python implant functions as a "general purpose loader." This means the same mechanism could be used to deliver any arbitrary second-stage code, including ransomware, data exfiltration tools, or backdoors, all executed with the privileges of the Python process.

The attack highlights several critical vulnerabilities in software supply chain security:

1. Package Name Squatting: Attackers register package names that are similar to popular libraries, hoping to catch users who make typos or assume the package is legitimate.
2. Trust in Package Repositories: Developers often trust packages from official repositories like PyPI without verifying their authenticity or checking for recent updates.
3. Lack of Package Verification: Many development environments lack mechanisms to verify package signatures or checksums before installation.

Practical Recommendations for Developers

To protect against similar attacks, security experts recommend the following practices:

1. Verify Package Authenticity: Before installing any package, check the official PyPI page for the legitimate library. Look for the correct package name, verified maintainer information, and recent update history.

2. Use Virtual Environments: Always use isolated Python environments (virtualenv or conda) for projects. This limits the potential impact if a malicious package is installed.

3. Implement Dependency Scanning: Integrate tools like Socket, Snyk, or PyUp into your CI/CD pipeline to automatically scan for malicious packages and vulnerabilities.

4. Pin Dependencies: Use requirements.txt or pyproject.toml with exact version numbers rather than allowing wildcard versions. This prevents unexpected updates to malicious packages.

5. Monitor Network Activity: Use network monitoring tools to detect unusual outbound connections, especially to unknown IP addresses on non-standard ports.

6. Regular Security Audits: Periodically audit your project's dependencies and remove unused packages. Tools like pip-audit can help identify known vulnerabilities.

7. Enable Package Signing: While not universally supported, some package managers support cryptographic signing. Advocate for this practice within your organization.

The Growing Threat of Supply Chain Attacks

This incident is part of a broader trend of supply chain attacks targeting open-source ecosystems. Similar attacks have been documented against npm, RubyGems, and other package managers. The increasing reliance on open-source software in enterprise environments makes these attacks particularly dangerous.

The use of memory-resident techniques like memfd_create represents an evolution in malware tactics, making detection more challenging for traditional security tools. This technique, while not new, is becoming more prevalent in sophisticated attacks.

Detection and Remediation

For organizations that may have been affected:

1. Identify Compromised Systems: Check for the presence of the sympy-dev package in your Python environments using pip list.
2. Monitor for Mining Activity: Look for unusual CPU usage patterns, especially on development machines or servers running Python applications.
3. Network Monitoring: Check for connections to the IP address 63.250.56.54 on port 3333.
4. Remove and Reinstall: If the malicious package is found, remove it immediately and reinstall the legitimate SymPy library from the official source.
5. Credential Rotation: Consider rotating any credentials that may have been exposed on compromised systems.

Conclusion

The sympy-dev attack demonstrates how sophisticated threat actors are becoming at exploiting trust in open-source ecosystems. By combining social engineering with advanced technical evasion techniques, attackers can compromise development environments and potentially gain access to broader infrastructure.

Developers and security teams must remain vigilant, implementing multiple layers of defense to protect against supply chain attacks. This includes technical controls like dependency scanning, process controls like code review, and education to help developers recognize potential threats.

The malicious package remains available on PyPI as of this writing, underscoring the ongoing challenge of maintaining security in open-source package repositories. Users should verify any package they install, especially those with names similar to popular libraries.

For more information on this threat, security teams can refer to the Socket research analysis and monitor PyPI for updates regarding this malicious package.

Additional Resources

• PyPI Security Best Practices
• OWASP Software Supply Chain Security Guide
• Python Packaging Authority (PyPA) Security
• XMRig Official Documentation
• Linux memfd_create Man Page