Malicious PyPI Code Packages Rack Up Thousands of Downloads

Three malicious packages hosted in the Python Package Index (PyPI) code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications.

Independent researcher Andrew Scott found the packages during a nearly sitewide analysis of the code contained in PyPI, which is a repository of software code created in the Python programming language. Like GitHub, npm and RubyGems, PyPI allows coders to upload software packages for use by developers in building various applications, services and other projects.

Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.

In this case, Scott found a malicious package containing a known trojan malware and two info-stealers.

The trojanized package is called “aws-login0tool,” and once the package is installed, it fetches a payload executable that turns out to be a known trojan, he said.

“I found this package because it was flagged in multiple text searches I did looking at setup.py, since that’s one of the most common locations for malicious code in Python packages since arbitrary code can be executed there at install time,” Scott explained in a Sunday posting. “Specifically I found this by looking for import urllib.request since this is commonly used to exfiltrate data or download malicious files and it was also triggered by from subprocess import Popen which is somewhat suspicious because most packages don’t need to execute arbitrary command line code.”

Scott also identified two other malicious packages by looking at the import urllib.request string, both of which are built for data exfiltration.

Named “dpp-client” and “dpp-client1234I,” the two were uploaded by the same user in February. During installation, they collect details on the environment and file listings, and appear to “be looking specifically for files related to Apache Mesos,” Scott said, which is an open-source project to manage computer clusters. Once the information is gathered, it’s sent off to an unknown web service, according to the researcher.

The Python security team removed the identified packages once notified on Dec. 10, but all three packages live on thanks to the projects that imported them prior to the removal.

Scott said that the trojan package was first added to PyPI on Dec. 1. It was subsequently downloaded nearly 600 times. As for the data stealers, the dpp-client package has been downloaded more than 10,000 times, including 600+ downloads in the last month; dpp-client1234 has been downloaded around 1,500 times. and both packages mimicked an existing popular library with their source code URL, “so anyone browsing to the package in PyPI or analyzing how popular the library was would see a large number of GitHub stars and forks – indicating a good reputation.”

The software-supply chain has become an increasingly popular method of distributing malware. Last week, for instance, a series of malicious packages in the Node.js package manager (npm) code repository that looked to harvest Discord tokens was found. The packages can be used to take over unsuspecting users’ accounts and servers.

There’s a sea of unstructured data on the internet relating to the latest security threats. REGISTER TODAY to learn key concepts of natural language processing (NLP) and how to use it to navigate the data ocean and add context to cybersecurity threats (without being an expert!). This LIVE, interactive Threatpost Town Hall, sponsored by Rapid 7, will feature security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights (a Rapid7 company), plus Threatpost journalist and webinar host, Becky Bracken.

Register NOW for the LIVE event!