Typosquatting campaign, malicious packages slam PyPI

The Python Package Index briefly suspended the creation of new projects on Thursday to mitigate threat activity involving a large-scale typosquatting campaign and hundreds of malicious python packages.

Several security vendors, including Checkmarx, Check Point Software Technologies and Phylum, flagged the malicious activity in threat reports Thursday. On March 26, Phylum researchers said they identified two waves of an automated typosquatting campaign in which threat actors would upload malicious packages to fake Python sites claiming to provide official packages from PyPI.

Both Phylum and Check Point researchers said they identified approximately 500 malicious packages posing as legitimate popular tools, such as Requests, Colorama and CapMonster Cloud. CheckMarx, meanwhile, reported that the campaign was part of a multi-stage attack aimed at stealing cryptocurrency, sensitive browser data and credentials from PyPi users. In addition, the payload contained in the malicious packages has a persistence mechanism designed to survive system reboots.

In response to this campaign, PyPI suspended the creation of new projects on Thursday morning. "We have temporarily suspended new project creation and new user registration to mitigate an ongoing malware upload campaign," the Python status site read. It resumed normal operations roughly 10 hours later.

"The typosquatting campaign we detected comprised over 500 malicious packages, deployed in two distinct waves on PyPI," Check Point wrote in its blog post. "Initially, approximately 200 packages were introduced, followed by an additional batch of more than 300. Each package originated from a unique maintainer account featuring distinct metadata such as name and email. Notably, each maintainer account uploaded only one package, indicating the utilization of automation in orchestrating the attack."

Check Point researchers noted that supply chain attacks are on the rise and that open-source repositories such as PyPI, which has more than 800,000 users, are attractive targets for threat actors.

"This underscores the persistent challenge posed by determined attackers, who adeptly circumvent platform restrictions despite efforts by PyPI to fortify its defenses," the blog post read. "The decentralized nature of the uploads, with each package attributed to a different user, complicates efforts to cross-identify these malicious entries. Accounts associated with the campaign were established on March 26th, with the malicious packages swiftly uploaded the following day, likely as a camouflage tactic to evade detection by heuristic malware scanning mechanisms."

In an email, the Check Point CloudGuard Research Team told TechTarget Editorial that the identity of the threat actor behind the attacks "is not known at this time."

In Checkmarx's research blog, the vendor said the activity highlights the ongoing nature of threats in the software development ecosystem. "This incident is not an isolated case, and similar attacks targeting package repositories and software supply chains are likely to continue," researchers said.

The campaign against PyPI marks the second supply chain threat against the Python development community this week. On Monday, Checkmarx published research dedicated to a threat campaign it observed involving unidentified threat actors distributing "a malicious dependency hosted on a fake Python infrastructure, linking it to popular projects on GitHub and to legitimate Python packages."

The campaign utilized typosquatting to host malicious code on fake, legitimate-looking Python package sites. This type of threat activity is not unusual for open source projects. Typosquatting is an effective tactic for supply chain attacks and code poisoning.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.