The Python Package Repository PyPI (Python Package Index) has temporarily banned registration of new users and creation of new projects due to the continuous mass download of malicious packages during an automated attack. The lockdown was introduced after 566 packages with malicious code stylized as 16 popular Python libraries were uploaded to the repository on March 26 and 27.
Package names are formed using typesquatting, i.e. assigning similar names that differ in individual characters, for example, temsorflow instead of tensorflow, requyests instead of requests, asyincio instead of asyncio, etc. When conducting such attacks, attackers rely on inattentive users who made a typo or did not notice differences in the name when searching or clicking on a link from forums and chats where malicious users leave deceptive instructions.
Malicious packages are based on the code of legitimate libraries, which includes individual changes that install malware in the system that searches for and sends confidential data and files containing passwords, access keys, cryptographic wallets, tokens, and session cookies. Malicious code is embedded in the file setup.py, run during package installation. During activation, the made change loads the main malicious components from an external server.
In two days, the attackers downloaded 29 malicious versions of the tensorflow package, 26 - BeautifulSoup, 26 - PyGame, 15 - SimpleJson, 38 - Matplotlib, 26 - PyTorch, 67 - CustomTKInter, 28 - selenium, 17 - playwright, 15 - asyncio, and 67 - requirements. Additionally, separate cases of tampering with the requests, py-cord, colorama, capmonstercloudclient, pillow, and bip-utils libraries were identified.
An attack on the community is also noted separately Top.gg, which has 170 thousand users. During the attack, the attacker managed to compromise the GitHub account of one of the developers top.gg, by stealing browser cookies. The attacker also added three packages to the PyPI repository and registered the domains pypihosted.org and pythanhosted.org, on which a mirror was set up to distribute malicious dependencies to packages.
Via a hacked account in the top project's GitHub repository.gg that hosted the Python binding over the API Top.gg, a change was made to add the file requirements.txt. The file contained a list of downloadable dependencies, in which, under the guise of downloading a dependency from the mirror, there was a link to a malicious clone of the colorama package hosted on a fake domain pypihosted.org, with the expectation that developers won't notice any difference with the legitimate domain pythonhosted.org, from which packages with PyPI are usually downloaded.
+++
Administrators of the Python package repository PyPI (Python Package Index) published information about the detection of unauthorized access to 174 user accounts of the service. According to the assumption of PyPI representatives, the authentication parameters of affected users were obtained from collections of previously compromised credentials formed as a result of hacks or leaks of user databases of other services. Access to PyPI accounts was obtained due to the attack victims using the same passwords on different sites and not enabling two-factor authentication in the PyPI directory.
The attackers activity was detected after receiving a series of complaints in which users reported receiving notifications from PyPI about activating two-factor authentication, while they did not log in to their account at that time and did not change anything themselves. As a result of the analysis of logs, unauthorized access to the accounts of 174 users was revealed. No traces of packet tampering or other malicious activity were detected - all the attackers actions were limited to unauthorized access and changing accounts.
The affected accounts were blocked until the end of the trial, and all other PyPI users who did not have two-factor authentication enabled were sent notifications and initiated the process of re-verifying their email. A total of 370,000 users (56%) in the catalog did not have two-factor authentication enabled.
Package names are formed using typesquatting, i.e. assigning similar names that differ in individual characters, for example, temsorflow instead of tensorflow, requyests instead of requests, asyincio instead of asyncio, etc. When conducting such attacks, attackers rely on inattentive users who made a typo or did not notice differences in the name when searching or clicking on a link from forums and chats where malicious users leave deceptive instructions.
Malicious packages are based on the code of legitimate libraries, which includes individual changes that install malware in the system that searches for and sends confidential data and files containing passwords, access keys, cryptographic wallets, tokens, and session cookies. Malicious code is embedded in the file setup.py, run during package installation. During activation, the made change loads the main malicious components from an external server.
In two days, the attackers downloaded 29 malicious versions of the tensorflow package, 26 - BeautifulSoup, 26 - PyGame, 15 - SimpleJson, 38 - Matplotlib, 26 - PyTorch, 67 - CustomTKInter, 28 - selenium, 17 - playwright, 15 - asyncio, and 67 - requirements. Additionally, separate cases of tampering with the requests, py-cord, colorama, capmonstercloudclient, pillow, and bip-utils libraries were identified.
An attack on the community is also noted separately Top.gg, which has 170 thousand users. During the attack, the attacker managed to compromise the GitHub account of one of the developers top.gg, by stealing browser cookies. The attacker also added three packages to the PyPI repository and registered the domains pypihosted.org and pythanhosted.org, on which a mirror was set up to distribute malicious dependencies to packages.
Via a hacked account in the top project's GitHub repository.gg that hosted the Python binding over the API Top.gg, a change was made to add the file requirements.txt. The file contained a list of downloadable dependencies, in which, under the guise of downloading a dependency from the mirror, there was a link to a malicious clone of the colorama package hosted on a fake domain pypihosted.org, with the expectation that developers won't notice any difference with the legitimate domain pythonhosted.org, from which packages with PyPI are usually downloaded.
+++
Administrators of the Python package repository PyPI (Python Package Index) published information about the detection of unauthorized access to 174 user accounts of the service. According to the assumption of PyPI representatives, the authentication parameters of affected users were obtained from collections of previously compromised credentials formed as a result of hacks or leaks of user databases of other services. Access to PyPI accounts was obtained due to the attack victims using the same passwords on different sites and not enabling two-factor authentication in the PyPI directory.
The attackers activity was detected after receiving a series of complaints in which users reported receiving notifications from PyPI about activating two-factor authentication, while they did not log in to their account at that time and did not change anything themselves. As a result of the analysis of logs, unauthorized access to the accounts of 174 users was revealed. No traces of packet tampering or other malicious activity were detected - all the attackers actions were limited to unauthorized access and changing accounts.
The affected accounts were blocked until the end of the trial, and all other PyPI users who did not have two-factor authentication enabled were sent notifications and initiated the process of re-verifying their email. A total of 370,000 users (56%) in the catalog did not have two-factor authentication enabled.
