PyPI is the official Python Package Index that currently contains 500,972 projects, 5,228,535 million releases, 9,950,103 million files, and 770,841 users. PyPI helps users locate and install software developed and released by the Python community as well as serving as a repository where developers can distribute their software.
Recently, cybersecurity specialist ESET discovered a series of malicious Python projects within PyPI, each of which deployed a customized backdoor containing cyberespionage functionality. The malicious code allowed file execution and file exfiltration, and could even — in certain scenarios — enable screenshots to be taken of a user’s screen. ESET also reported that, in some cases, the W4SP Stealer (which siphons user data) or a clipboard monitor that steals cryptocurrency is delivered instead.
In total, 116 malicious packages in PyPI were uploaded across 53 projects and downloaded more than 10,000 times.
According to ESET researcher Marc-Etienne M.Léveillé, “Some malicious package names do look similar to other, legitimate packages, but we believe the main way they are installed by potential victims isn’t via typosquatting, but social engineering, where they are walked through running pip to install an ‘interesting’ package for whatever reason.”
In his blog post, “A pernicious potpourri of Python packages in PyPI,” M.Léveillé said, “PyPI continues to be abused by cyber attackers to compromise Python programmers’ devices.” He continues, “This campaign displays a variety of techniques being used to include malware in Python packages. Python developers should thoroughly vet the code they download, especially checking for these techniques, before installing it on their systems. As well as continuing to abuse the open-source W4SP Stealer, the operators have also deployed a simple, but effective, backdoor. We expect that such abuse of PyPI will continue and advise caution when installing code from any public software repository.”
By the time ESET published its findings, most of the packages had been taken down by PyPI. And, at this point, all the known malicious packages are now offline.
The operators behind this subterfuge used three different techniques for the campaign: placing a test module with minimal, slightly obfuscated malicious code; embedding PowerShell code into the setup.py file; and including only malicious code in the package that is slightly obfuscated.
On Windows, the backdoor was implemented in Python. On Linux, the backdoor used the Go language.
Given how widespread Python is, developers should vet any third-party code they use before adding it to their projects. ESET firmly believes the abuse of PyPI will continue. M.Léveillé went so far as to advise caution in “installing code from any public software repository.”