Researchers at software supply chain security firm Phylum have discovered over two dozen Python packages that are pushing info-stealing malware on the PyPi registry.

The company published their findings in a report on the 1st of November. “Last week, our automated risk detection platform alerted us to some suspicious activity in dozens of newly published PyPi packages”, Phylum said.

“It appears that these packages are a more sophisticated attempt to deliver the W4SP infostealer onto Python developer’s machines.”

Most of the packages contain obfuscated code that drops the W4SP infostealer on infected machines. In addition, other packages make use of malware purportedly created for “educational purposes” only.

How it works

The attack starts by copying existing popular libraries and simply injecting a malicious __import__ statement into an otherwise healthy codebase, Phylum says.

“The benefit this attacker gained from copying an existing legitimate package, is that because the PyPi landing page for the package is generated from the setup.py and the README.md, they immediately have a real looking landing page with mostly working links and the whole bit.”

Phylum also says that unless the packages are thoroughly inspected, a brief glance might lead one to believe it is a legitimate package.

What packages are affected

Phylum published a list of packages that have turned up so far and either contain the import directly or attempt to pip install one of the packages.

The researchers note that this is an ongoing attack with constantly changing tactics from determined threat actors. As such, they “suspect to see more malware like this popping up in the near future”.

Phylum also reports that, according to the PyPi download counter pepy.tech, the affected packages account for over 5700 downloads.

This is not the first time PyPi has been compromised by malware. Last year, an incursion led to 41,000 infected packages being downloaded from the repository.