Malicious PyPI packages with over 10,000 downloads deleted


The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and removing Trojans from infected machines.

These malicious packages are estimated to have generated more than 10,000 downloads and mirrors put together, according to the researchers’ report.

Large-scale static analysis led to malicious discovery

This week, Andrew Scott, developer and senior product manager at Palo Alto Networks, reported discovering three malicious Python packages on the open source PyPI registry.

These malicious packages, shown below, have been downloaded and mirrored almost 15,000 times.

The first version of dpp-client surfaced on PyPI around February 13, 2021, and the one for dpp-client1234 the 14. Considering that the first version of aws-login0tool appeared more recently, on December 1.

Package name Maintainer The description Number of downloads *
aws-login0tool davycrockett5729492 Typosquatting candidate, remove the Trojan (EXE) on Windows 3 042
dpp-client cutoffurmind (Alex) Exfilter environment variables (Unix) and files 10 194
dpp-client1234 cutoffurmind (Alex) Exfilter environment variables (Unix) and files 1,536

* The aggregate number of downloads from PyPIstats and Pepy.tech may include mirrors (automated), in addition to organic downloads by developers.

While performing a large-scale static analysis of “a large percentage of packages on PyPI,” Scott came across these seemingly mysterious packages.

“I caught them mainly through manual inspection of setup.py files that matched various suspicion strings and regular expression patterns that I was looking for, ”Scott told BleepingComputer in an email interview.

“For example, most cases of the executive were benign, but it is a risky method to use, and commonly exploited by attackers creating malicious packages. “

To help him with his research, Scott used the Python Packaging Authority’s Bandersnatch open source project.

“Once I had downloaded a bunch of package distributions, I had to extract them for easier analysis. I set up a fairly simple Python script to recursively cycle through the folder structure somewhat. complicated from Bandersnatch, then unzipped and extracted each sdist, Egg, Where wheel in a flat directory, ”says the developer in his blog post.

After extracting the packages, the developer performed a series of search operations based on strings and regular expressions through the grep utility and manually reviewed the results.

“The result of this simple approach was actually quite impactful.”

Targets Windows PCs, Linux distributions running Apache Mesos

the aws-login0tool the package targets Windows machines and downloads a malicious 64-bit executable, normal.exe from to try[.]Georgia domain.

The malicious executable has been identified as a Trojan horse by 38% of antivirus engines on VirusTotal, at the time of writing:

aws-login0tool code
aws-login0tool remove malicious exe (Sound computer)

On the contrary, dpp-client and dpp-client1234 target Linux systems and examine environment variables, directory listing and exfilter that information to the pt.traktrain[.]com domain.

These packages attempt to access certain directories, including / mnt / mesos, indicating that the malware specifically searches for files related to Apache Mesos, an open source cluster management product.

client code dpp
The source code of one of the dpp-client versions (Sound computer)

What remains a mystery is a large number of downloads and mirrors for these packages.

At first glance, aws-login0tool seems to be an attempt at typosquatting as the developer points out – the ‘0’ and ‘-‘ keys being present next to each other on most keyboards. However, BleepingComputer is not aware of an active PyPI package named “aws-login-tool” that a smart attacker could be tempted to impersonate. Although one may have existed in the past.

BleepingComputer also observed the PyPI page for aws-login0tool, when alive, contained an explicit disclaimer requiring the user not to download the package:

“Please don’t use this … It does bad things … Oh, my dear :(“

PyPI download page for aws-login0tool
PyPI page for malware now removed aws-login0tool package (Sound computer)

Likewise, the project pages for dpp-client and dpp-client1234 Packages, as BleepingComputer saw, contained a single keyword “test” in their description that was implicitly part of a proof of concept exercise.

This development follows ongoing instances of malware and unwanted content targeting open source repositories such as PyPI, npm, and RubyGems.

Last month, JFrog’s security research team reported catching Discord information thieves among other malicious PyPI packages that abused a “new exfiltration” technique.

That same month, I wrote about a malicious PyPI package that made a crude attempt at typosquatting “boto3”, the Amazon Web Services SDK for Python.

In July of this year, six malicious PyPI packages were also detected mining cryptocurrency on developers’ machines.

Fortunately, the three aforementioned packages that Scott discovered were reported to PyPI admins on December 10 and removed promptly.

Update 7:26 am ET: Added quote from Scott.



Sam D. Gomez