A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers’ systems.
The malicious packages, discovered by Fortinet, were all uploaded by the same author named ‘Lolip0p’ between January 7 and 12, 2023. Their names are ‘colorslib,’ ‘httpslib,’ and ‘libhttps.’ All three have been reported and removed from the PyPI.
PyPI is the most widely used repository for Python packages that software developers use to source the building blocks of their projects.
Unfortunately, its popularity makes it a attractive for threat actors targeting developers or their projects. Typically, malicious packages are uploaded masquerading as something useful or they mimic renowned projects by modifying their name.
PyPI doesn’t have the resources to scrutinize all package uploads, so it relies on user reports to find and remove malicious files. By the time they are deleted, though, the bad packages usually count several hundred downloads.
Contrary to the typical malicious uploads on PyPI, the trio that Fortinet discovered features complete descriptions, which helps trick developers into believing they’re genuine resources.
In this case, the names of the packages do not mimic other projects but seek to convince they come with reliable, risk-free code.
According to PyPI package stat counting service ‘pepy.tech,’ the three malicious entries had the following download counts by the time they were removed on Sunday, January 14.
Although the number of downloads may seem small, the potential impact of these infections as part of a supply chain makes them significant.
All three packages feature the same malicious ‘setup.py’ file that attempts to run PowerShell that fetches an executable from a suspicious URL, named ‘Oxyz.exe.’ This piece of malware steals browser information.
BleepingComputer found that Oxyz.exe is also spread as a free Discord Nitro generator.
That second file is flagged by a few vendors on VirusTotal as malicious. Fortinet says ‘update.exe’ drops several additional files on the host, one of which (‘SearchProtocolHost.exe’), which is flagged as malicious by some AV vendors as an info-stealer.
Looking a little further, BleepingComputer found that at least one of the dropped processes is used to collect Discord tokens, suggesting that is part of a general information-stealing malware campaign used to steal browser data, authentication tokens, and other data from an infected device.
The detection rates for all three executables used in this attack are quite low, ranging between 4.5% and 13.5%, allowing the malicious files to evade detection from multiple security agents that may be running on the victim host.
Unfortunately, even after removing those packages from the PyPI, threat actors can still re-upload them at a later time under a different name.
To ensure the safety and security of their projects, software developers should pay attention selecting packages for download. This includes checking the package’s authors and reviewing the code any suspicious or malicious intent.