9 August 2022

10 malicious packages found in PyPI repository



Security researchers have discovered a set of 10 software packages containing malicious code in the Python Package Index (PyPI) repository, which turned out to be droppers for information-stealing malware.

The offending packages were designed to look like legitimate software, and in some cases were disguised as other popular packages on PyPI, such as Ascii2text.

According to Check Point researchers, the bad actors behind the malicious packages embedded malicious code into the package installation script so the malware would be installed on a victim’s machine unnoticed.

In the case of the fake package called Ascii2text, the malicious code was hidden in a file (__init__.py) imported by the installation script (setup.py).

“The code on the __init__.py file was responsible for downloading and executing a malicious script which searches for local passwords and uploads them using a discord web hook,” Check Point explained.
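A static check for the pattern described above, where setup.py imports a module shipped in the same archive so that the module's code runs at install time. This is an added example, not Check Point's or PyPI's tooling; the `RISKY` call list, the function names and the constructed `demo_pkg` sample are assumptions.

```python
import ast

# Call names worth a manual look when reachable from setup.py (assumed, not exhaustive).
RISKY = {"exec", "eval", "os.system", "os.popen", "subprocess.run",
         "subprocess.Popen", "subprocess.call", "urllib.request.urlopen",
         "urllib.request.urlretrieve", "requests.get", "requests.post"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))

def imported_modules(tree):
    """Top-level module names imported anywhere in the tree."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names.add(node.module.split(".")[0])
    return names

def risky_calls(path, source):
    """List calls in one file whose dotted name is in RISKY."""
    return [f"{path}:{n.lineno} calls {dotted(n.func)}"
            for n in ast.walk(ast.parse(source, filename=path))
            if isinstance(n, ast.Call) and dotted(n.func) in RISKY]

def audit_sdist(files):
    """files maps archive-relative paths to source text; nothing is executed."""
    findings = risky_calls("setup.py", files["setup.py"])
    for mod in sorted(imported_modules(ast.parse(files["setup.py"]))):
        for path in (f"{mod}/__init__.py", f"{mod}.py"):
            if path in files:  # setup.py imports code shipped in the same archive
                findings += [f"setup.py imports local module {path}",
                             *risky_calls(path, files[path])]
    return findings

# Constructed sample: URL and SCRIPT are undefined placeholders; the text is only parsed.
SAMPLE = {
    "setup.py": "from setuptools import setup\nimport demo_pkg\nsetup(name='demo_pkg')\n",
    "demo_pkg/__init__.py": "import urllib.request\nurllib.request.urlopen(URL)\nexec(SCRIPT)\n",
}
```

The check matches call names literally, so aliased imports and obfuscated calls still need review by hand; an empty result means nothing obvious was found, not that the package is clean.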

Based on their findings, the researchers believe that three of the 10 malicious packages (Pyg-utils, Pymocks and PyProto2) were developed by the same author behind the recent Pygrata campaign, whose aim was to harvest users’ AWS credentials.

Upon discovering the malicious packages, Check Point contacted the PyPI administrators and the rogue software was removed from the repository.
