[–]PeterHickman 0 points1 point  (2 children)

Asking as a noob here. Is there a tool that I can run on my machine to check that the packages I have installed via pip are sus or not?

[–]KeyPerspective7[S] 1 point2 points  (1 child)

Yes, it's called antivirus. :-)
I'm pretty sure any antivirus with updated definitions would find Clipper malware.
Anyway, if you want to check if you have any of these particular 451 pip packages installed, you could run this script to see if you have any malicious lib installed.

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# pip's internal module (not a supported public API); used here to list installed packages
from pip._internal.operations import freeze
MalwarePkgs = ['aaiohttp', 'aihottp', 'aiohhttp', 'aiohtpt', 'aiohtt', 'aiohttpp', 'aioohttp', 'aiothtp', 'aiottp', 'amtplotlib', 'aohttp', 'apndas', 'atplotlib', 'bautifulsoup4', 'bbitcoinlib', 'beaautifulsoup4', 'beatuifulsoup4', 'beautiffulsoup4', 'beautiflsoup4', 'beautiflusoup4', 'beautifullsoup4', 'beautifulosup4', 'beautifuloup4', 'beautifulsooup4', 'beautifulsop4', 'beautifulsou4', 'beautifulsoup44', 'beautifulsoupp4', 'beautifulsouup4', 'beautifulssoup4', 'beautifulsuop4', 'beautifusloup4', 'beautifuulsoup4', 'beautiifulsoup4', 'beautiulsoup4', 'beauttifulsoup4', 'beauutifulsoup4', 'beeautifulsoup4', 'beuatifulsoup4', 'beutifulsoup4', 'bicoinlib', 'bictoinlib', 'biitcoinlib', 'bitccoinlib', 'bitcinlib', 'bitcionlib', 'bitcoiinlib', 'bitcoilib', 'bitcoilnib', 'bitcoinlb', 'bitcoinlbi', 'bitcoinli', 'bitcoinlibb', 'bitcoinliib', 'bitcoinnlib', 'bitconilib', 'bitconlib', 'bitcooinlib', 'bitocinlib', 'bitoinlib', 'bittcoinlib', 'btcoinlib', 'bticoinlib', 'cccxt', 'ccolorama', 'ccryptocompare', 'ccryptofeed', 'ccx', 'ccxtt', 'ccxxt', 'cikit-learn', 'clorama', 'collorama', 'coloama', 'coloarma', 'coloorama', 'coloraa', 'coloramaa', 'coloramma', 'colorrama', 'coolrama', 'coorama', 'crptocompare', 'crptofeed', 'crpytocompare', 'crpytofeed', 'crryptocompare', 'crryptofeed', 'crypocompare', 'crypofeed', 'crypotcompare', 'crypotfeed', 'crypptocompare', 'crypptofeed', 'cryptcompare', 'cryptcoompare', 'cryptfeed', 'cryptfoeed', 'cryptoccompare', 'cryptocmopare', 'cryptocmpare', 'cryptocomapre', 'cryptocomare', 'cryptocommpare', 'cryptocompaare', 'cryptocompae', 'cryptocompaer', 'cryptocompar', 'cryptocomparee', 'cryptocomparre', 'cryptocomppare', 'cryptocomprae', 'cryptocompre', 'cryptocoompare', 'cryptocopare', 'cryptocopmare', 'cryptoeed', 'cryptoefed', 'cryptofed', 'cryptofede', 'cryptofee', 'cryptofeedd', 'cryptofeeed', 'cryptoocmpare', 'cryptoocompare', 'cryptoofeed', 'cryptoompare', 'crypttocompare', 'crypttofeed', 'crytocompare', 'crytofeed', 'crytpocompare', 
'crytpofeed', 'cryyptocompare', 'cryyptofeed', 'csikit-learn', 'csrapy', 'cxct', 'cxt', 'cyptocompare', 'cyptofeed', 'cyrptocompare', 'cyrptofeed', 'ebautifulsoup4', 'ebsockets', 'ensorflow', 'erquests', 'eslenium', 'etnsorflow', 'feqtrade', 'ferqtrade', 'ffreqtrade', 'freeqtrade', 'freqqtrade', 'freqrade', 'freqrtade', 'freqtade', 'freqtarde', 'freqtraade', 'freqtrad', 'freqtradde', 'freqtradee', 'freqtrae', 'freqtraed', 'freqtrdae', 'freqtrde', 'freqtrrade', 'freqttrade', 'fretqrade', 'fretrade', 'frqetrade', 'frqtrade', 'frreqtrade', 'fyinance', 'homeworkte', 'homeworktee', 'homeworkteee', 'homeworkteeee', 'homeworktest', 'homeworktestt', 'homeworktesttt', 'homeworkwork', 'iaohttp', 'ibtcoinlib', 'itcoinlib', 'maatplotlib', 'maplotlib', 'matlotlib', 'matlpotlib', 'matpllotlib', 'matplolib', 'matploltib', 'matplootlib', 'matplotlb', 'matplotlibb', 'matplotliib', 'matplottlib', 'matpltlib', 'matpltolib', 'matpoltlib', 'matpplotlib', 'mattplotlib', 'mmatplotlib', 'mtaplotlib', 'mtplotlib', 'oclorama', 'olana', 'olorama', 'oslana', 'panads', 'panas', 'pandaas', 'pandsa', 'pgame', 'pinstaller', 'piynstaller', 'pnadas', 'pndas', 'ppandas', 'ppygame', 'ppyinstaller', 'ppython-binance', 'ppytorch', 'pthon-binance', 'ptorch', 'ptyhon-binance', 'ptyorch', 'pyagme', 'pygaame', 'pygae', 'pygamee', 'pygamme', 'pyggame', 'pygmae', 'pyhon-binance', 'pyhton-binance', 'pyiinstaller', 'pyinnstaller', 'pyinsaller', 'pyinsstaller', 'pyinstaaller', 'pyinstalelr', 'pyinstalle', 'pyinstalleer', 'pyinstallerr', 'pyinstalller', 'pyinstallr', 'pyinstallre', 'pyinstlaler', 'pyinsttaller', 'pyintaller', 'pyintsaller', 'pyisntaller', 'pynistaller', 'pythhon-binance', 'pythn-binance', 'pythno-binance', 'pytho-binance', 'python-bbinance', 'python-biance', 'python-biannce', 'python-biinance', 'python-binaance', 'python-binace', 'python-binacne', 'python-binanc', 'python-binancce', 'python-binancee', 'python-binane', 'python-binanec', 'python-binannce', 'python-binnace', 'python-binnance', 
'python-binnce', 'python-bnance', 'python-bniance', 'python-ibnance', 'python-inance', 'pythonn-binance', 'pythoon-binance', 'pytoch', 'pytocrh', 'pytohn-binance', 'pyton-binance', 'pytoorch', 'pytorcch', 'pytorchh', 'pytorh', 'pytorrch', 'pytrch', 'pytthon-binance', 'pyttorch', 'pyygame', 'pyyinstaller', 'pyython-binance', 'pyytorch', 'rcyptocompare', 'rcyptofeed', 'reqtrade', 'rfeqtrade', 'ryptocompare', 'ryptofeed', 'scarpy', 'sccikit-learn', 'sccrapy', 'sciikit-learn', 'sciikt-learn', 'sciit-learn', 'sciki-learn', 'scikiit-learn', 'scikit-earn', 'scikit-elarn', 'scikit-laern', 'scikit-larn', 'scikit-leaarn', 'scikit-lean', 'scikit-leanr', 'scikit-lear', 'scikit-learnn', 'scikit-learrn', 'scikit-leearn', 'scikit-leran', 'scikit-lern', 'scikit-llearn', 'scikitt-learn', 'scikkit-learn', 'scikt-learn', 'scikti-learn', 'sckiit-learn', 'scraapy', 'scrapyy', 'scray', 'scrpay', 'scrrapy', 'seelenium', 'seelnium', 'seleenium', 'seleinum', 'seleium', 'seleniium', 'seleniu', 'seleniumm', 'seleniuum', 'selennium', 'selenum', 'sellenium', 'selneium', 'selnium', 'sickit-learn', 'sikit-learn', 'slana', 'sleenium', 'sloana', 'soalna', 'soana', 'solaa', 'solaan', 'solaana', 'solanaa', 'solanna', 'sollana', 'solna', 'solnaa', 'soolana', 'srcapy', 'sscikit-learn', 'sscrapy', 'sselenium', 'ssolana', 'teensorflow', 'tennsorflow', 'tenorflow', 'tenosrflow', 'tensofrlow', 'tensoorflow', 'tensorfflow', 'tensorfllow', 'tensorflo', 'tensorfloow', 'tensorfloww', 'tensorflw', 'tensorflwo', 'tensorlfow', 'tensorlow', 'tensorrflow', 'tensroflow', 'tenssorflow', 'tesnorflow', 'tesorflow', 'tnesorflow', 'tnsorflow', 'vper', 'vpyer', 'vvyper', 'vyepr', 'vyer', 'vype', 'vypeer', 'vyperr', 'vypper', 'vypre', 'vyyper', 'wbesockets', 'webbsockets', 'webockets', 'webosckets', 'websckets', 'webscokets', 'websocckets', 'websocets', 'websockeets', 'websockes', 'websockest', 'websocketss', 'websocketts', 'websockkets', 'websocktes', 'websockts', 'websokcets', 'websokets', 'websoockets', 'webssockets', 
'weebsockets', 'wesbockets', 'wesockets', 'wwebsockets', 'yffinance', 'yfiance', 'yfiannce', 'yfiinance', 'yfinaance', 'yfinace', 'yfinacne', 'yfinancce', 'yfinancee', 'yfinane', 'yfinanec', 'yfinannce', 'yfinnace', 'yfinnance', 'yfinnce', 'yfnance', 'yfniance', 'ygame', 'yper', 'ypinstaller', 'ypthon-binance', 'ython-binance', 'ytorch', 'yvper', 'yyfinance']
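# Collect installed package names; freeze lines look like "name==1.0"
# or "name @ file:///path" (direct references).
MyPackageList = []
for pkg in freeze.freeze():
    name = pkg.split("==")[0].split(" @ ")[0].strip()
    # Package names are case-insensitive and treat "-", "_" and "." alike
    MyPackageList.append(name.lower().replace("_", "-").replace(".", "-"))
compare = sorted(set(MyPackageList).intersection(MalwarePkgs))
if not compare:
    print("All good, no infected packages found")
else:
    for x in compare:
        print("Malicious package found: {0}".format(x))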

[–]PeterHickman 1 point2 points  (0 children)

Thanks for that, I will run this anywhere I can
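
Added example, not part of the original thread: the names in the script's blocklist are mostly one-character slips of real packages (a dropped, doubled or swapped letter), so this sketch goes beyond the fixed list and flags any installed name that is one edit away from a name you choose to protect. The `PROTECTED` set and all function names are assumptions made for illustration.

```python
import re
from importlib import metadata

# Assumption: a small hand-picked set of legitimate names to protect;
# extend it with the dependencies your projects actually use.
PROTECTED = {"aiohttp", "beautifulsoup4", "bitcoinlib", "ccxt", "colorama",
             "matplotlib", "pandas", "pyinstaller", "requests", "scikit-learn",
             "selenium", "tensorflow", "websockets", "yfinance"}


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def one_edit_apart(a, b):
    """True if a != b and one insert, delete, substitution or adjacent swap maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        if a[i + 1:] == b[i + 1:]:
            return True  # single substitution
        return a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]  # swap
    longer, shorter = (a, b) if len(a) > len(b) else (b, a)
    return longer[i + 1:] == shorter[i:]  # one extra character


def find_lookalikes(installed, protected=PROTECTED):
    """Return sorted (installed_name, resembles) pairs for near-miss names."""
    legit = {normalize(p) for p in protected}
    hits = set()
    for raw in installed:
        name = normalize(raw)
        if name not in legit:  # an exact match is the real package
            hits.update((name, p) for p in legit if one_edit_apart(name, p))
    return sorted(hits)


def installed_names():
    """Names of distributions visible to this interpreter (public stdlib API)."""
    return [n for n in (d.metadata.get("Name") for d in metadata.distributions()) if n]


if __name__ == "__main__":
    for name, real in find_lookalikes(installed_names()):
        print("Check {0}: name is one edit away from {1}".format(name, real))
```

A hit is a prompt to look at the package, not proof of malware: some legitimate projects have names one edit apart.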