Cybersecurity researchers have found a malicious campaign targeting developers using the Python Package Index (PyPI). Attackers are distributing fake Python libraries disguised as "time" related utilities to steal sensitive information, including cloud access credentials.
ReversingLabs found 20 malicious packages that have been downloaded over 14,100 times. These packages were designed to exfiltrate data to attacker-controlled servers. Some also contained cloud clients for services like Alibaba Cloud, Amazon Web Services (AWS), and Tencent Cloud.
GitHub repositories
Further analysis found that three of the malicious packages were dependencies of a GitHub project called "accesskey_tools". This project was forked 42 times and had 519 stars. Developers likely used these compromised packages unknowingly.
A commit referencing tcloud-python-test was made on November 8, 2023. It has been available on PyPI since then. It has been downloaded 793 times, according to pepy.tech.
Malicious packages on PyPI and npm
This is not an isolated incident. Fortinet FortiGuard Labs recently found thousands of malicious packages on both PyPI and npm. Some of them had suspicious installation scripts that executed malicious code or communicated with external servers.
Cybersecurity researcher Jenna Wang noted that suspicious URLs can signal malicious packages, as they are commonly used to fetch extra payloads or set up C&C connections. Fortinet found 974 packages with URLs linked to data theft, malware downloads, and other harmful activities. Developers should carefully examine external URLs in dependencies to prevent exploitation.
Discord developers targeted with fake package
In a related discovery, Socket found a malicious package on PyPI called pycord-self that steals authentication tokens from Discord developers. The package mimics discord.py-self with nearly 28 million downloads and replicates its functionality to avoid suspicion.
The official discord.py-self package allows developers to interact with Discord’s API for messaging, automation, bot creation, and moderation. The rogue pycord-self package has a hidden code that steals authentication tokens and sends them to an external server.
Besides stealing Discord tokens, pycord-self also sets up a stealthy backdoor. The package creates a continuous connection to a remote server via port 6969, enabling the attacker to run commands on the victim's system. It operates silently in the background, making detection difficult while maintaining its normal functionality.
Socket researchers stated that the malicious package executes a shell, 'bash' on Linux or 'cmd' on Windows, allowing attackers to maintain ongoing access to the victim's system.
How to stay safe
To avoid getting hit by these attacks:
- Verify package sources: Software dependencies should come from official sources
- Check for typosquatting: Attackers trick you using names similar to popular packages
- Review open-source code: Look for suspicious or obfuscated code before installing libraries
- Use security tools: Scanning tools can detect and block malicious packages before installation
- Monitor network activity: Regularly check outbound connections to detect unusual traffic patterns that might indicate data exfiltration.
- Use virtual environments: Install and test new packages in isolated environments before integrating them into production systems.
- Stay updated: Follow cybersecurity news and advisories to stay informed about emerging threats in the open-source ecosystem.
As open-source software supply chains are a prime target for cybercriminals, developers must be careful when adding third-party libraries.
