A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries.
The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection.
The malicious sympy-dev package directly copies SymPy’s official project description and branding elements, creating a convincing facade that increases the risk of accidental installation.
The threat actor, identified as “Nanit,” published four malicious versions (1.2.3 through 1.2.6) on January 17, 2026, which accumulated over 1,000 downloads within the first day.
Socket’s Threat Research Team identified a malicious PyPI package, sympy-dev, that impersonates SymPy, a widely used symbolic mathematics library with roughly 85 million downloads per month.
In-Memory Execution Reduces Detection
The backdoor activates when developers use specific SymPy polynomial functions, embedding malicious code into routine mathematical operations.
Upon triggering, the compromised functions retrieve a remote JSON configuration file from command-and-control infrastructure, download a threat actor-controlled ELF payload, and execute it directly from memory using Linux’s memfd_create system call and /proc/self/fd references.
This technique significantly reduces on-disk artifacts, making traditional file-based detection methods less effective.
The loader operates silently, suppressing error messages to avoid breaking normal SymPy functionality and maintain stealth during active development or production workloads.
Socket’s dynamic analysis recovered two XMRig cryptominer binaries (SHA-256: 90f9f8842ad1b824384d768a75b548eae57b91b701d830280f6ed3c3ffe3535e and f454a070603cc9822c8c814a8da0f63572b7c9329c2d1339155519fb1885cd59) from live executions.
Both payloads are UPX-packed and mine cryptocurrency to threat actor-controlled Stratum endpoints over TLS on port 3333.
However, the Python-based loader functions as a general-purpose deployment mechanism capable of executing arbitrary code under Python process privileges, making it suitable for ransomware, data exfiltration, or persistent backdoors.
Version 1.2.6 introduces redundancy by adding a second trigger in the roots_cubic() function, pointing to separate infrastructure, increasing activation likelihood across diverse workloads, and providing operational resilience if one command-and-control server goes offline.
Mitigations
At the time of reporting, sympy-dev remains active on PyPI package despite Socket’s petition for removal.
Organizations should immediately audit dependency files for sympy-dev references, implement dependency pinning with integrity checks, restrict installations to vetted indexes or internal mirrors, and monitor for Python processes making unexpected outbound connections or spawning memory-executed payloads.
Socket’s security tools including the GitHub App, CLI, Firewall, browser extension, and MCP integration provide comprehensive protection by flagging typosquats before merge, blocking malicious packages during installation, and warning developers about suspicious listings during browsing sessions.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.