
    Malware package uploads targeting developers surge, PyPI stops registration

    By techempire

    March 29, 2024 | Editorial Department | Supply Chain Attack / Threat Intelligence

    The maintainers of the Python Package Index (PyPI) repository have temporarily suspended new user registrations after a large number of malicious projects were uploaded as part of a typosquatting campaign.

    The maintainers said “new project creation and new user registration” were temporarily suspended to mitigate what they called “malware upload activity.” The incident was resolved 10 hours later, at 12:56 pm (UTC) on March 28, 2024.

    Software supply chain security company Checkmarx said the unknown threat actor who flooded the repository targeted misspelled versions of popular software packages.

    Researchers Yehuda Gelb, Jossef Harush Kadouri and Tzachi Zornstain said: “This is a multi-stage attack with a malicious payload designed to steal crypto wallets, sensitive data in the browser (cookies, extensions, etc.) and various credentials.” “In addition, the malicious payload employs a persistence mechanism to survive reboots.”

    These findings were also independently confirmed by Mend.io, which noted that it detected more than 100 malware packages targeting machine learning (ML) libraries such as PyTorch, Matplotlib, and Selenium.

    The development comes at a time when open source repositories are increasingly becoming an attack vector for threat actors to penetrate enterprise environments.

    Typosquatting is a well-documented attack technique in which attackers upload packages with names that closely resemble their legitimate counterparts (for example, Matplotlib vs. Matplotlib or tensorflow vs. tensorflow) to trick unsuspecting users into downloading them.

    The deceptive variants, totaling more than 500 packages according to Check Point, were found to have been uploaded from a unique account starting on March 26, 2024, suggesting that the entire process was automated.

    “The fragmented nature of the uploads, with each package attributed to a different user, further complicates the effort to cross-identify these malicious entries,” the Israeli cybersecurity company said.

    Cybersecurity firm Phylum, which has been tracking the same campaign, said the attackers published:

    • 67 variations of requirements
    • 38 variations of Matplotlib
    • 36 variations of requests
    • 35 variations of colorama
    • 29 variations of tensorflow
    • 28 variations of selenium
    • 26 variations of BeautifulSoup
    • 26 variations of PyTorch
    • 20 variations of pillow
    • 15 variations of asyncio

    For their part, these packages check whether the installer’s operating system is Windows and, if so, proceed to download and execute an obfuscated payload retrieved from an actor-controlled domain (“funcaptcha[.]ru”).

    The malware acts as a stealer, exfiltrating files, Discord tokens, and data from web browsers and cryptocurrency wallets to the same server. It also attempts to download a Python script (“hvnc.py”) to the Windows startup folder for persistence.

    This development once again illustrates the escalating risks posed by software supply chain attacks, which makes it essential for developers to carefully review every third-party component to ensure it protects against potential threats.

    This isn’t the first time PyPI has taken this step. In May 2023, it temporarily banned user registrations after discovering that “the number of malicious users and malicious projects created on the index over the past week exceeded our ability to respond in a timely manner.”

    For similar reasons, PyPI suspended new user registrations for the second time on December 27 last year. The suspension was subsequently lifted on January 2, 2024.
