Latest attack on PyPI users shows crooks are only getting better




More than 400 malicious packages were recently uploaded to PyPI (Python Package Index), the official code repository for the Python programming language, in the latest indication that the targeting of software developers using this form of attack isn’t a passing fad.

All 451 packages found recently by security firm Phylum contained almost identical malicious payloads and were uploaded in bursts that came in quick succession. Once installed, the packages create a malicious JavaScript extension that loads each time a browser is opened on the infected device, a trick that gives the malware persistence over reboots.

The JavaScript monitors the infected developer’s clipboard for any cryptocurrency addresses that may be copied to it. When an address is found, the malware replaces it with an address belonging to the attacker. The objective: intercept payments the developer intended to make to a different party.

In November, Phylum identified dozens of packages, downloaded hundreds of times, that used highly encoded JavaScript to surreptitiously do the same thing. Specifically, it:

  • Created a textarea on the page
  • Pasted any clipboard contents to it
  • Used a series of regular expressions to search for common cryptocurrency address formats
  • Replaced any identified addresses with the attacker-controlled addresses in the previously created textarea
  • Copied the textarea to the clipboard

“If at any point a compromised developer copies a wallet address, the malicious package will replace the address with an attacker-controlled address,” Phylum Chief Technical Officer Louis Lang wrote in the November post. “This surreptitious find/replace will cause the end user to inadvertently send their funds to the attacker.”

New obfuscation method

Besides vastly increasing the number of malicious packages uploaded, the latest campaign also uses a significantly different way to cover its tracks. Whereas the packages disclosed in November used encoding to conceal the behavior of the JavaScript, the new packages write function and variable identifiers in what appear to be random 16-bit combinations of Chinese language ideographs found in the following table:
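The two traits described so far (the textarea/clipboard read-and-write sequence from the list above, and identifiers spelled entirely in CJK ideographs) can both be checked for statically. The scanner below is an example added here and is not Phylum's tooling or code from the packages it analysed; the two JavaScript samples it runs over are constructed for illustration, with the address-rewriting logic left out of the suspicious one, and the indicator thresholds (three ideograph identifiers, the read + address-regex + write combination) are assumptions chosen for the demonstration.

```python
import re

# Behavioural indicators matching the steps listed above. Each one alone is
# common in legitimate front-end code (copy-to-clipboard buttons, form
# validation); the combination of a clipboard read, an address-shaped regex
# literal and a clipboard write is what characterises a swapper.
BEHAVIOUR_PATTERNS = {
    "textarea_created": re.compile(r"createElement\(\s*[\"']textarea[\"']\s*\)"),
    "clipboard_read": re.compile(r"execCommand\(\s*[\"']paste[\"']\s*\)|clipboard\.readText\("),
    "clipboard_write": re.compile(r"execCommand\(\s*[\"']copy[\"']\s*\)|clipboard\.writeText\("),
    # A regex literal containing a bounded run of 25-99 characters, the shape
    # of wallet-address matchers ({40} for hex EVM addresses, {25,34} for
    # Base58 addresses, and so on).
    "address_length_regex": re.compile(r"/[^/\n]*\{\s*[2-9]\d\s*(?:,\s*\d+\s*)?\}[^/\n]*/"),
}

# JavaScript identifier tokens (letters, digits, underscore and $).
IDENTIFIER = re.compile(r"[^\W\d][\w$]*")


def is_cjk_ideograph_identifier(ident: str) -> bool:
    """True when every character lies in the CJK Unified Ideographs blocks
    (U+3400-U+4DBF, U+4E00-U+9FFF), i.e. the 16-bit code points the article
    describes being used as function and variable names."""
    return all(0x3400 <= ord(c) <= 0x4DBF or 0x4E00 <= ord(c) <= 0x9FFF for c in ident)


def scan_js(source: str, min_cjk_identifiers: int = 3) -> dict:
    """Return which indicators fire in `source` and an overall verdict."""
    hits = {name: bool(pat.search(source)) for name, pat in BEHAVIOUR_PATTERNS.items()}
    cjk = sorted({m.group(0) for m in IDENTIFIER.finditer(source)
                  if is_cjk_ideograph_identifier(m.group(0))})
    swapper = hits["clipboard_read"] and hits["clipboard_write"] and hits["address_length_regex"]
    obfuscated = len(cjk) >= min_cjk_identifiers  # assumed threshold
    reasons = [label for label, flag in (("clipboard-swap pattern", swapper),
                                         ("ideograph identifiers", obfuscated)) if flag]
    return {
        "behaviour": hits,
        "cjk_identifiers": cjk,
        "reasons": reasons,
        "verdict": "suspicious" if reasons else "benign",
    }


# Constructed sample: an ordinary copy-to-clipboard button.
BENIGN_SAMPLE = r"""
function copyLink(url) {
  navigator.clipboard.writeText(url);
  document.getElementById("status").textContent = "copied";
}
"""

# Constructed sample: indicator-level sketch of the steps in the list above
# with ideograph identifiers; the value rewriting itself is left out.
SUSPICIOUS_SAMPLE = r"""
var 一二三 = document.createElement("textarea");
document.body.appendChild(一二三);
一二三.focus();
document.execCommand("paste");
var 四五六 = /\b(?:0x)?[a-fA-F0-9]{40}\b/;
var 七八九 = "REPLACEMENT_ADDRESS_PLACEHOLDER";
/* ... value rewriting elided ... */
一二三.select();
document.execCommand("copy");
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("suspicious", SUSPICIOUS_SAMPLE)):
        print(label, scan_js(sample))
```

Run over a package's bundled `.js` files, the benign sample reports only a clipboard write and stays benign, while the sketch trips both the swap pattern and the ideograph-identifier check. The ideograph test is deliberately narrow (every character must be an ideograph) so that legitimate code with localised string literals is not flagged; identifiers, not strings, are what the article says were obfuscated.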

uploaded 214 booby-trapped packages to the PyPI, RubyGems, and NPM repositories that contained slightly modified names of legitimate packages. The result: The imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time was given all-powerful administrative rights. So-called typosquatting attacks have flourished ever since.

The names of all 451 malicious packages the Phylum researchers found are included in the blog post. It’s not a bad idea for anyone who intended to download one of the legitimate packages targeted to double-check that they didn’t inadvertently obtain a malicious doppelganger.
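One way to do that double-check across an environment, as an example added here rather than anything from Phylum's post: compare every installed distribution against a blocklist and against a short list of legitimate names, flagging anything within a couple of edits of a legitimate name. The 451 names are not reproduced here, so `KNOWN_MALICIOUS` holds a placeholder to be replaced with the list from the post; `POPULAR_PACKAGES` is an assumed list, and the edit-distance cutoff of 2 is an assumption.

```python
import re
from importlib import metadata

# Placeholder: the 451 names are listed in Phylum's post and are not
# reproduced here; load that list into this set.
KNOWN_MALICIOUS = {"example-malicious-package"}

# Assumed list of legitimate names worth guarding; extend it to match what
# your projects actually depend on.
POPULAR_PACKAGES = ["requests", "numpy", "pandas", "urllib3", "setuptools", "cryptography"]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: runs of '-', '_' and '.' become one '-'
    and the result is lower-cased, so 'Example_Malicious.Package' equals
    'example-malicious-package'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute each costing 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(installed, blocklist=KNOWN_MALICIOUS, popular=POPULAR_PACKAGES, max_distance=2):
    """Return (name, reason, nearest_legitimate) for every installed name that
    is blocklisted or within `max_distance` edits of a legitimate name."""
    blocked = {normalize(b) for b in blocklist}
    legit = sorted({normalize(p) for p in popular})
    findings = []
    for name in installed:
        n = normalize(name)
        if n in blocked:
            findings.append((name, "blocklisted", None))
            continue
        if n in legit:
            continue
        nearest = min(legit, key=lambda p: levenshtein(n, p))
        if levenshtein(n, nearest) <= max_distance:
            findings.append((name, "lookalike", nearest))
    return findings


def installed_names():
    """Distribution names present in the current Python environment."""
    return sorted({d.metadata["Name"] for d in metadata.distributions()})


if __name__ == "__main__":
    for finding in audit(installed_names()):
        print(*finding)
```

Normalising names first matters because PyPI treats `Foo_Bar`, `foo-bar` and `foo.bar` as the same project, so a blocklist match must not depend on how the name was spelled at install time. A lookalike hit is a prompt to verify the package's origin, not proof of compromise: genuinely distinct projects with near-identical names exist.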
