August 8, 2022
- CloudGuard Spectral detects 10 malicious packages on PyPI, the leading Python package index used by developers for the Python programming language
- Malicious packages install info stealers that allow attackers to steal developer’s private data and personal credentials
- Once detected, CPR disclosed the information and warned PyPI about these packets. To be removed later by PyPI
- CPR urges users to be alert and aware of these packages
PyPI is the leading Python repository and is most widely used by Python users. Every python developer is familiar with the daily routine of ‘pip install’ to bring the Python software they need.
Pypi helps developers find and install software developed and shared by other developers of this community. The platform and its use is currently free and developers use the repository on a daily basis. According to their own website, Pypi has over 612,240 active users, working on 391,325 projects, with 3,664,724 releases.
What many users don’t know is the fact that this simple one-liner command can put them at increased risk. The pip install command triggers a package install that may contain a setup.py script. This script may contain Python snippets to perform the required installation process on the target installation machine. Hackers use that feature to place malicious code as part of the installation script, code that runs seamlessly on the user’s computer without being noticed. Ignorance is no bliss in this case, as such attacks often harvest very critical data points, such as passwords and API tokens. In addition, such attacks are increasing. A pertinent example is the recent pygrata attack that used malicious packages to steal Amazon Web Services (AWS) keys and environment variables as part of a supply chain attack. It is important to note that the malicious actors are not waiting, and as you will see, the same attackers seem to have already generated a new campaign against PyPI users. Details of the packages we detected are described and detailed in this blog.
Ascii2text is a malicious package, which simply mimics the popular art package with name and description. Interestingly enough, they were smart enough to copy the entire project description without the release part, which kept users from realizing that this is a fake package.
The fake ascii2text description VS the original art package description
The malicious package component was contained in the package __init__.py file, imported by the setup.py installation script. The code in the __init__.py file was responsible for downloading and executing a malicious script that searches for local passwords and uploads them using a discord webhook.
The malicious fragment in the __init__.py
The malicious script it downloads
Pyg-utils, Pymocks and PyProto2
Pyg-utils appears to be a holdover from the recent Pygrata campaign that aimed to collect users’ AWS credentials. As part of the setup.py installation, Pyg-utils connects to the same malicious domain (pygrata.com) which could be an infrastructure for a phishing attack. Interestingly, Pymocks and PyProto2 have nearly identical code targeting a different domain – pymocks.com. While Pyg-utils was released on 15/6, Pymocks and PyProto were released more recently (24/6 and 4/7 accordingly). The domain Pymocks.com was also created on the same day (24/6). Therefore, it makes sense to assume that all these packages were created by the same malicious actor, probably prompted by the fact that Pyg-utils went under the hood and decided to copy and reactivate their malicious campaigns.
The malicious setup.py file from Pyg-utils alongside the nearly identical Pymocks and PyProto2 files
Test-async is described in the description as a ‘very cool test package that is extremely useful and that everyone needs 100%’. In the setup.py installation script it downloads and executes probably malicious code from the web. Interestingly, prior to downloading that snippet, it notifies a Discord channel that a “new run” has started.
Test-async setup.py install script
Free-net-vpn and Free-net-vpn2 are malicious packages that target environment variables. With its setup.py installation script a clean and documented code to collect the user credentials (nice to see even hackers pay attention to code standards). These secrets are then published to a site mapped by a dynamic DNS mapping service.
Free-net-vpn setup.py installation script
The zlibsrc package was probably trying to confuse legitimate users with the popular Python built-in zlib package. On its setup.py script, it downloads and runs a malicious file as part of the installation.
Zlibsrc __init__.py script
Browserdiv is a malicious package that aimed to steal the installer credentials by collecting them and sending them to a predefined discord webhook. Interestingly, while it appears to be aimed at web design-related programming (bowser, div) according to the naming, according to the description the motivation of the package is to enable the use of selfbots within Discord.
Browserdiv setup.py install script
A malicious package that steals users’ login credentials as part of the setup.py installation script (interesting, although based on the description it’s a ‘package to exploit Windows RPC vulnerability’, the reality is it just steals the installer credentials).
WINRPCexploit setup.py installation script
CloudGuard Spectral users remain protected from malicious packages
Supply chain attacks are designed to exploit trust relationships between an organization and external parties. These relationships may include partnerships, supplier relationships, or the use of third-party software. Cyber threat actors will compromise an organization and then move up the supply chain, using these trusted relationships to access other organizations’ environments. Such attacks have become more common in recent years and have had a greater impact in recent years, which is why it is essential that developers ensure that their actions remain safe, double checking every software ingredient in use and especially those that are downloaded. from various repositories, especially those that are not self-created.
At Spectralops.io, Now A Check Point company, our mission is to generate a secure development process, to make sure developers are doing the right things (in terms of security). As part of this effort, we continuously scan PyPI for malicious packages to prevent such risks from supply chain attacks.
Responsible disclosure to PyPi
After identifying these malicious users and packages, our researchers alerted PyPI via the provided email address on PyPi’s official website, inviting users to warn about security issues and asking them to remove them. After our disclosure, PyPI removed these packages.