Freely subscribe to our NEWSLETTER

• Researchers provide visual examples of malicious packages caught
• Attacks rely on the fact that the Python installation process can include arbitrary code snippets
• Researchers alerted PyPI whose later removed these packages

Researchers at Spectralops.io, a Check Point company, have detected ten malicious packages on PyPI, a repository of software for the Python programming language. The security threat allows malicious actors to run malicious code on target machines, enabling attackers to steal private data and personal credentials of developers. The threat actors would leverage misleading names and descriptions of familiar packages to dupe users into installation.

PyPI helps developers find and install software developed and shared by other developers of this community. According to their own website, PyPI has over 609,020 active users, working on 388,565 projects, with 3,630,725 releases.

Attack Methodology

To execute their attacks, cyber criminals will trick users into installing a malicious package by using misleading names and descriptions. As part of the installation script, the malicious packages execute a malicious act, such as stealing user credentials. The malicious code finishes by sending the credentials it steals elsewhere. Ultimately, users are not aware that all of this has just happened.

Malicious Packages

Check Point Research (CPR) provides details on the packages they detected.
• Ascii2text. The code was responsible for downloading and executing a malicious script that searches for local passwords and uploads them using a discord web hook.
• Pyg-utils, Pymocks and PyProto2. As part of its setup.py installation, Pyg-utils connects to a malicious domain (pygrata.com) which could be an infrastructure for a phishing attack. Pymocks and PyProto2 interestingly have almost identical code which targets a different domain - pymocks.com.
• Test-async. Described in its description as a ‘very cool test package that is extremely useful and that everyone needs 100%’. In its setup.py installation script it downloads and executes, probably malicious, code from the web. Interestingly, prior to downloading that snippet, it notifies a Discord channel that a ‘new run’ was started.
• Free-net-vpn and Free-net-vpn2 are malicious packages which target environment variables. These secrets are then published to a site mapped by a dynamic DNS mapping service.
• Zlibsrc, probably trying to confuse PyPI users with the popular Python built-in zlib package.
• Browserdiv, steal the installers’ credentials and send them to a Discord web hook as part of the installation process.
• WINRPCexpoit, describes itself as a ‘package to exploit windows RPC Vulnerability’ while the reality is, it just steals the installer’s credentials.

Visual Example

Ascii2text is a malicious package.

      
The fake ascii2text description VS the origin art package description

Responsible Disclosure
Once detected, CPR disclosed the information and alerted PyPI on these packages was which later removed by PyPI.

Ori Abramovsky, Data Science Lead at Spectralops.io : "We discovered a set of malicious packages on PyPI, endangering the ones installing them. These attacks rely on the fact that the Python installation process can include arbitrary code snippets, which is a place for malicious players to put their malicious code at. We discovered it using machine learning models which analyze the code of these packages and auto alert on the malicious ones.

What’s remarkable here is just how common these malicious packages are. They are simple, yet dangerous. Personally, once I encountered these types of attacks, I started double checking every Python package I use. Sometimes I even download it and manually observe its code prior to installing it.”