The Python Package Index (PyPI) has removed malware-deploying and data-stealing packages that were collectively downloaded thousands of times.
The trio of malicious packages duped unsuspecting users by typosquatting the names of legitimate packages.
‘Good reputation’
In the case of two packages that exfiltrated data from compromised systems, the number of downloads was also potentially inflated by how the authors deceptively burnished their credibility.
“Both of these packages included their source code URL as an existing popular library, so anyone browsing to the package in PyPI or analyzing how popular the library was would see a large number of GitHub stars and forks – indicating a good reputation,” said Andrew Scott, maintainer of Python security project Ochrona Security, in a Medium blog post.
Uploaded by the same user, the two packages – ‘dpp-client’ and ‘dpp-client1234’ – appeared to target users of Apache Mesos, which is used to manage computer clusters.
They were uploaded onto PyPI in February 2021, after which dpp-client was downloaded more than 10,000 times, including more than 600 downloads in the last month alone.
Scott thanked the Python security team for removing the packages promptly on December 13, the same day he notified them.
A third, Trojan-smuggling package dubbed ‘aws-login0tool’ notched roughly 600 downloads between surfacing on PyPI on December 1 and its removal when PyPI admins were alerted on December 10.
Malicious operandi
All three packages were identified as potentially malicious via the import urllib.request string, “since this is commonly used to exfiltrate data or download malicious files”, said Scott.
The data-stealing pair gathered environment variables and file listings, apparently seeking Apache Mesos-related files, and relayed them “to an unknown web service”.
The aws-login0tool performed a standard package install, before fetching an .exe file “from a nondescript domain” and attempting to execute the file, a known Windows trojan.
The package was flagged in multiple text searches in setup.py, a common location for malicious code in Python packages since arbitrary code can be executed there at install time, said Scott.
Python probing
The findings emerged from a static analysis of around 200,000 PyPI packages – approaching two-thirds of the total – after downloading them with Bandersnatch.
He extracted the packages by creating “a pretty simple Python script to recursively iterate through Bandersnatch’s somewhat complicated folder structure then decompressed and extracted each sdist, egg, or wheel out to a flat directory”.
“Once extracted I ran a number of string and regex searches using grep, then manually reviewed the results,” said Scott.
This technique also uncovered a minor vulnerability in an open source package developed by a commercial vendor.
Scott said he intended to update and refine his package analysis and would later publish additional findings.