Skip to Content

Active malware campaign was found targeting PyPI and npm repositories

By: Author Alex Lim

Posted on  - Last updated:

Categories Cybersecurity

Updated on 2022-12-22: New PyPI malware

Phylum researchers have documented two waves of malicious packages published on the PyPI portal, one deploying the W4SP Stealer and the second deploying the Satan Stealer malware strains. ReversingLabs and Fortinet also have reports on other unrelated attack too. The Python Foundation really needs to get on top of its package repository because things are getting tiresome now. We’re at a new “malware on PyPI” report every and each week now. Read more:

Updated on 2022-12-16: Anti-debugging in the weirdest places

JFrog says it is seeing anti-debugging techniques leveraged to hide malicious behavior inside malicious Python libraries submitted to the PyPI package report. Their use suggests that malware authors are getting worried/annoyed with their malware being easily detected by the flurry of SecDevOps companies that have begun to routinely scan new PyPI submissions and alert the PyPI security team. Read more: PyPI malware creators are starting to employ Anti-Debug techniques

Updated on 2022-12-13

An active malware campaign was found targeting PyPI and npm repositories with fake and typosquatted modules that deliver ransomware, impacting supply chains. Read more: Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Updated on 2022-12-12: Ransomware via PyPI and npm

Researchers with SecDevOps company Phylum have discovered a cluster of 21 malicious PyPI packages and five npm libraries that were installing ransomware. The malicious libraries used names that were misspelled versions of legitimate packages, hoping to infect developers who didn’t spot typos during installation routines. The same threat actor was behind both the Python and JavaScript campaigns, and all malicious packages are now removed from the PyPI and npm portals. Read more: Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM

Ransomware via PyPI and npm

Updated on 2022-12-05: PyPI malware

ReversingLabs researchers discovered ten PyPI packages pushing modified versions of the W4SP Stealer malware. Researchers say the packages appear to be part of a concerted malware campaign that has been specifically focused on infecting Python developers with the W4SP Stealer malware, a campaign that has been ongoing since September and has also been spotted by other security firms like Checkmarx and Phylum. Read more: W4SP continues to nest in PyPI: Same supply chain attack, different distribution method

Updated on 2022-11-30: Hackers Exploit Popular TikTok Challenge to Install Malware

Hackers are exploiting the popular “Invisible Challenge” TikTok challenge to install malware. The challenge involves using a special effect to make a blurred, contour image of a person posing naked. The hackers are capitalizing on the fad by offering a tool that allegedly removes the filter; instead, it downloads password-stealing malware.

Note

  • Two things come to mind. First, when redacting information, make sure that it cannot be restored. Better still, don’t capture information you don’t want shared in the first place. Second, beware of social engineering, just as there is no Nigerian Prince offering you millions for your help, (sorry, there is not), these apps don’t unfilter anything. They do, however; install malware such as the WASP stealer malware. There are multiple malicious Python packages and other lures, such as one aimed at Discord users, with the same intent. Aside from cautioning users to not fall for scams to reveal the “person behind the mask,” remind them that what goes online stays online and really is controlled by the service hosting the content.
  • While the focus is on the open source app and shift in attacker tactics, this is really about capitalizing on human frailty to lure users into downloading the malicious app. Ingenious!

Read more in

Updated on 2022-11-29

Hackers are using the popular “Invisible Challenge” on TikTok to lure people into downloading an info-stealing malware, WASP. Read more: Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package

Updated on 2022-11-28: WASP Stealer TikTok campaign

Security firm Checkmarx has spotted a malware campaign built around “Invisible Challenge,” a viral TikTok trend where users film themselves naked and use a special filter to remove their body from the video footage. Researchers say that a threat actor is currently promoting a Python package that can remove this effect, but in reality, the Python app installs a version of the WASP Stealer malware on their devices. Read more: ATTACKER USES A POPULAR TIKTOK CHALLENGE TO LURE USERS INTO INSTALLING MALICIOUS PACKAGE

Updated on 2022-11-25: PyPI malware

DataDog’s security team has an analysis of fastapi-toolkit, a Python library created earlier this year in March and which, all of a sudden, shipped a malicious update earlier this week. The malicious update allowed a remote attacker to execute arbitrary python code and SQL queries in the context of the web application. Read more: Investigating a backdoored PyPi package targeting FastAPI applications

Updated on 2022-11-19

Checkmarx researcher Jossef Harush Kadouri has published an analysis of the W4SP Stealer (or WASP Stealer) that was recently used in two PyPI-based supply chain attacks. In a more recent attack spotted by Phylum, the group behind this malware appears to be using the names of popular organizations to continue to spread their RAT via boobytrapped PyPI packages. Read more:

Updated on 2022-11-18

Malware dev sentenced in Russia

Russian authorities have sentenced a man named Sosin P.V. to two years in prison for developing a web-based penetration testing tool named WASP 1.0. According to a report, the tool combined software like the Apache HTTP server and the Arachni Scanner, together with SQLmap, a tool considered illegal in Russia. Sosin has filed an appeal which will be heard later this month. He has told local news outlets he is not expecting the sentence to be overturned. Read more:

Updated on 2022-11-17

Checkmarx detected hundreds of WASP info-stealer infections via malicious PyPI packages built to pilfer credentials, cryptocurrency, and personal information. Read more: WASP malware stings Python developers

Updated on 2022-11-09: Malicious PyPI packages

After discovering last week 29 malicious Python libraries that tried to install the W4SP Stealer malware on developers’ systems, DevOps security firm Phylum found another 27 Python libraries uploaded to the PyPI portal that installed a clipboard hijacker. According to Phylum, this malware would wait until the developer copies a cryptocurrency address in the clipboard and immediately replace it with one of the attackers. Read more:

Updated on 2022-11-05: W4SP Stealer Trojan Found in Malicious Python Packages

Researchers from Phylum have found nearly 30 malicious packages in Python Package Index (PyPI) that attempt to infect developers’ systems with the W4SP Stealer Trojan. The packages are clones of popular software packages with names that make them seem legitimate. The malicious packages have been downloaded 5,700 times.

Note

  • Luckily, these packages have not been downloaded very often. But they follow the proven playbook of publishing well-respected and frequently used packages under a slightly different name with malicious add-ons. This is likely going to catch developers new to Python. Python makes it relatively easy to enumerate packages used and you should regularly create lists of packages used by your code. Don’t miss dependencies that may have been installed by package managers like pip.
  • The attackers used various techniques to import their trojan by modifying the __init.py__ or setup.py script, which are subtle and hard to spot. That import statement creates a temporary file which is executed, downloading obfuscated code from multiple sites which contains a compressed object which is, actually, the W4SP Stealer, which is designed to steal information from users’ systems including browser passwords, crypto wallets and interesting files with financial related information. Make sure that you’re using the actual package you’re expecting, and the vetted version, particularly if you’re using any of the packages mentioned in the Phylum report.

Read more in

Updaed on 2022-11-04: Malicious PyPI packages

DevOps security firm Phylum said it found 29 newly published PyPI packages that tried to install a version of the W4SP Stealer on developer’s devices. Read more: Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

Updated on 2022-10-05

Snyk said they discovered a new malicious PyPI library named Raw-Tool that, during its installation, executes unknown binary files and reaches out to a suspicious domain. Read more: Phony PyPi package imitates known developer

Updated on September 2022

One-third of PyPI Packages Trigger Code Execution on Download

Close to one-third of packages in the Python Package Index (PyPI) automatically execute code after download. Checkmarx research engineer Yehuda Gelb writes’ “When a python package is installed, pip, python’s package manager, tries to collect and process the metadata of this package, such as its version and the dependencies it needs to work properly. This process occurs automatically in the background by pip running the main setup.py script that comes as part of the package structure.” Attackers could potentially place malicious code in the setup.py file.

Note

  • While we expect scripts to run as part of a pip install, it turns out pip download also executes the setup.py script, intended to resolve dependencies, provided the package doesn’t include a .whl (wheel) file which takes precedence over downloading the .tar.gz version of a package. The tricky part is if the .whl file is missing, the .tar.gz file is automatically downloaded (which has an embedded setup.py) and then the contents of setup.py are executed. As a mitigation, check your repositories for .whl files and if they are missing, don’t download using pip; use an alternate process to download the tar.gz file and investigate without executing.
  • Another Pypi and / or Python supply chain story. The interesting part here is that we can already see the increased scrutiny in Python specifically in Pypi with MFA stories and other issues. We have also seen npm in the news. But does this mean other languages are somehow not also in the same boat? It’s a daunting problem to solve and we have only started looking.

Read more in

Updated on August 2022

Phishing Campaign Targeting PyPI Developers

Python Package Index (PyPI) developers are being targeted in a phishing campaign that has succeeded in compromising some developers’ accounts. The phishing message used in this campaign says a mandatory package validation process is being implemented and that unvalidated packages risk being removed. PyPI reminds users that it never removes valid packages from the registry – just packages that violate PyPI’s terms of service. The campaign’s success might be partly attributable to the fact that many package registries are implementing MFA and other security measures. PyPI is offering free hardware security keys to maintainers of critical projects.

Note

  • This campaign was clever and should be included in awareness training for developers. Too often, training examples are too generic and users will miss these more targeted and sophisticated attempts. At the same time: There was (limited) resistance from developers against PyPi enforcing stronger authentication methods. Attacks like this show why we need strong MFA.
  • This was a credential stealing attack. PyPI states that accounts protected with hardware tokens are safe, and they are unsure about TOTP users. PyPI has announced a campaign to give away hardware security tokens for their top one percent of projects, based on download volume. Be aware of your source code repository’s efforts on both MFA and conditions for package removal or account disablement. With all the current activity around MFA and doctored-up packages, it’s easy to miss what is legitimate and what is not. PyPI has worked to roll back repositories which were compromised and contained malicious content as well as taking down numerous typo squatting repositories.
  • Am I the only one who finds the repositories late to their responsibility in the supply chain?

Read more in

Updated on July 2022

PyPI Mandates Two-Factor Authentication

The Python Package Index (PyPI) repository has begun rolling out a two-factor authentication (2FA) requirement for critical projects. Google’s Open Source Security Team has provided 4,000 Titan security keys to be given to eligible maintainers.

Note

  • The push-back from developers is interesting, and a good lesson for anybody rolling out 2FA in larger organizations. Developers contributing to PyPI are probably less likely to experience technical issues implementing 2FA than most organizations, and these developers are likely more aware than most about some of the issues with password-based authentication. But still, the extra complexity of 2FA was enough for some of them to rebel/refuse to participate.
  • It’s 2022. How have the other library management systems survived this long without requiring multi-factor? Having not been extremely into every library management system like this, it does make you question what the other managers are doing. Is this an oversight? Have threat actors been in these systems for years without tipping us off?
  • Good to see all the momentum and minimal (but not zero) pushback for stronger authentication in the software supply chain. Now is a good time to do a prototype test of 2FA within your organization, maybe just the security group and some security friendly IT admins. Find the trouble areas (there will be some) and develop, and get approved, plans for some level of 2023 rollout.
  • Nice move to incentivize the adoption of 2FA! Before you get too excited, note that the Titan keys are only authorized in Austria, Belgium, Canada, France, Germany, Japan, Spain, Switzerland, United Kingdom, and the United States. Other areas need either a FIDO U2F key or enable 2FA through a mobile app such as Google Authenticator, MS Authenticator, DUO Mobile, etc. Note that this simply prevents accounts being usurped by others, doesn’t ensure the integrity of the users who have the 2FA tokens.

Read more in

Updated on June 2022

Malicious Python Packages Uploaded Data to Publicly Exposed Endpoints

Sonatype detected several malicious Python packages on the PyPI repository that have been stealing sensitive information, including AWS credentials, and uploading it to publicly exposed endpoints. Sonatype has reported the malicious packages to PyPI; the packages have been removed from the repository.

Note

  • Another day, another malicious Python package. Sonatype is making a good case for not only scanning code you write, but also scanning code you are using from repositories like PyPi.
  • A reminder to not just trust modules provided externally. Make sure that you’re using the version you’ve qualified versus an imposter with “added functionality.” Even so, you’re doing static and dynamic code analysis, right? Consider limiting outbound connections to prevent connection to C2 services.
  • Developers are reminded that they are responsible for the quality of all code that they include or distribute in their products, regardless of its source.

Read more in

Updated on May 2022

Malicious Package Uploaded to PyPI Registry

More than 300 users were tricked into downloading a malicious package that was uploaded to the Python Package Index (PyPI) registry. The malicious package infects Windows, macOS, and Linux systems with Cobalt Strike. Automated detection bots at Sonatype discovered the malicious package.

Note

  • These types of attacks keep happening. And for good reason – they work. Organizations need to recognize that no technology stack will fully mitigate such attacks. This should shift some focus to “assumed breach” assessments where endpoint and network controls are tuned to discover (and validated against) post-exploitation activity. The good news is that detecting post-exploitation activity is substantially easier than preventing exploitation in the first place, largely owed to the fact that the search space is so much smaller.
  • Grab those IOC’s from the Sonatype blog and make sure you’re not messing with the typo squatting PyMafka project (vs PyKafka). Getting projects working with components from the legitimate versions of software packages is hard enough already; now we need to arm our developers with tools to detect and block malicious versions. Which means the next thing you need to do is to get smart about services which amount to an open-source firewall that performs inline analysis of downloaded content to block bogus packages.

Read more in

Overview: PyPI library

DevOps security company Sonatype has discovered a malicious Python package on the PyPI portal that would install Cobalt Strike beacons and backdoors on developers’ systems. The package was named pymafka and tried to pass as PyKafka, a popular Python library for working with the Apache Kafka project.