A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts.
The package, named sympy-dev, mimics SymPy, replicating the latter’s project description verbatim in an attempt to deceive unsuspecting users into thinking that they are downloading a “development version” of the library. It has been downloaded over 1,100 times since it was first published on January 17, 2026.
Although the download count is not a reliable yardstick for measuring the number of infections, the figure likely suggests some developers may have fallen victim to the malicious campaign. The package remains available for download as of writing.
According to Socket, the original library has been modified to act as a downloader for an XMRig cryptocurrency miner on compromised systems. The malicious behavior is designed to trigger only when specific polynomial routines are called so as to fly under the radar.
“When invoked, the backdoored functions retrieve a remote JSON configuration, download a threat actor-controlled ELF payload, then execute it from an anonymous memory-backed file descriptor using Linux memfd_create and /proc/self/fd, which reduces on-disk artifacts,” security researcher Kirill Boychenko said in a Wednesday analysis.
The altered functions are used to execute a downloader, which fetches a remote JSON configuration and an ELF payload from “63.250.56[.]54,” and then launches the ELF binary along with the configuration as input directly in memory to avoid leaving artifacts on disk. This memory-resident technique has been previously observed in cryptojacking campaigns orchestrated by FritzFrog and Mimo.
The end goal of the attack is to download two Linux ELF binaries that are designed to mine cryptocurrency using XMRig on Linux hosts.
“Both retrieved configurations use an XMRig compatible schema that enables CPU mining, disables GPU backends, and directs the miner to Stratum over TLS endpoints on port 3333 hosted on the same threat actor-controlled IP addresses,” Socket said.
“Although we observed cryptomining in this campaign, the Python implant functions as a general purpose loader that can fetch and execute arbitrary second stage code under the privileges of the Python process.”
Update
The Python package is no longer available for download from PyPI as of January 24, 2026.
