ESET Research Uncovers Malicious Python Projects on PyPI

ESET Research has brought to light a concerning situation in the Python programming community: a series of malicious Python projects found in PyPI, the official repository for Python packages. This threat, which targets both Windows and Linux systems, is capable of delivering a custom backdoor. In some instances, the payloads are even more dangerous, involving variants of the infamous W4SP Stealer or a simple clipboard monitor designed to steal cryptocurrency.

The research team discovered a staggering 116 malicious packages embedded in 53 projects within PyPI. Alarmingly, these packages have been downloaded over 10,000 times, with an average download rate of about 80 per day since May 2023. The malware in question is particularly invasive, capable of executing remote commands, exfiltrating data, and taking screenshots. The backdoor component has been developed for both Windows and Linux systems – in Python and Go, respectively.

PyPI is widely used by Python programmers for sharing and downloading code. Due to its open nature, where anyone can contribute, the repository can sometimes become a host for malware disguised as legitimate software. The malicious packages found by ESET resemble legitimate ones, but the main method of distribution appears to be social engineering rather than typosquatting. Victims are often duped into installing these packages through misleading instructions.

The operators behind this campaign have employed various techniques to embed malware into Python packages. One common approach is to place a "test" module inside the package containing lightly obfuscated code that runs as soon as the package is imported. Another is to embed PowerShell code in the setup.py file, a method that only takes effect on Windows. Some packages contain nothing but malicious code, forgoing any legitimate functionality.

On Windows, persistence is often achieved through a VBScript Encoded (VBE) file set to run at regular intervals. On Linux, persistence is achieved by placing a malicious desktop entry in the autostart directory.
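The tricks described in the two paragraphs above (an import-time "test" module, PowerShell launched from setup.py, a VBE file for Windows persistence, a desktop entry in the Linux autostart directory) can all be spotted statically before a package is ever installed. The following triage script is an added example written for this page, not ESET's tooling or any code from the campaign. Its heuristics, finding names and the embedded sample package are constructed for illustration, and the check for scheduled-task creation is an assumption about how a VBE file would be made to "run at regular intervals"; the write-up does not say how.

```python
"""Static triage of an unpacked Python package for the distribution and
persistence tricks described above. Added example, not ESET's code."""
import ast
import re
import tempfile
from pathlib import Path

# One regex per technique named in the write-up. 'schtasks' is an assumption
# about how a VBE file gets "run at regular intervals"; the rest follow the text.
PATTERNS = {
    "powershell-launch": re.compile(r"powershell(\.exe)?\b[^\n]*?(-enc|-EncodedCommand|hidden)", re.I),
    "vbe-persistence": re.compile(r"\.vbe\b|schtasks", re.I),
    "autostart-desktop-entry": re.compile(r"\.config/autostart|\.desktop\b"),
}


def _exec_calls(tree):
    """Yield every exec()/eval() call anywhere in the module."""
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")):
            yield node


def _is_top_level(tree, call):
    """True when the call is a bare statement at module scope, i.e. it runs on import."""
    return any(isinstance(s, ast.Expr) and s.value is call for s in tree.body)


def scan_package(root: Path) -> list[tuple[str, str]]:
    """Walk an unpacked package and return (relative path, finding) pairs."""
    findings = []
    for path in sorted(root.rglob("*.py")):
        rel = path.relative_to(root)
        text = path.read_text(errors="replace")
        for name, rx in PATTERNS.items():
            if rx.search(text):
                findings.append((rel.as_posix(), name))
        try:
            tree = ast.parse(text)
        except SyntaxError:
            findings.append((rel.as_posix(), "unparseable-source"))
            continue
        # A module called test*, or living under a test/ directory, that executes
        # decoded data at import time matches the placement used in the campaign.
        in_test_module = path.stem.startswith("test") or "test" in rel.parts[:-1]
        for call in _exec_calls(tree):
            src = ast.unparse(call)
            if "b64decode" in src or "decompress" in src:
                findings.append((rel.as_posix(), "decoded-exec"))
            if in_test_module and _is_top_level(tree, call):
                findings.append((rel.as_posix(), "import-time-exec-in-test-module"))
    return findings


# Constructed sample package: a harmless add() plus stand-ins for each trick.
# The PowerShell argument is base64 for the word "PLACEHOLDER", not a payload,
# and the exec() payload decodes to print('hi').
SAMPLE_FILES = {
    "setup.py": (
        "from setuptools import setup\n"
        "import subprocess\n"
        "subprocess.Popen(['powershell', '-w', 'hidden', '-enc', 'UExBQ0VIT0xERVI='])\n"
        "setup(name='totally-legit')\n"
    ),
    "legit/__init__.py": "def add(a, b):\n    return a + b\n",
    "legit/test.py": (
        "import base64\n"
        "exec(base64.b64decode('cHJpbnQoJ2hpJyk='))\n"
    ),
    "legit/persist.py": (
        "import os\n"
        "ENTRY = os.path.expanduser('~/.config/autostart/updater.desktop')\n"
    ),
}


def build_sample_package(dest: Path) -> Path:
    """Write the constructed sample files under dest and return it."""
    for rel, body in SAMPLE_FILES.items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return dest


def scan_sample() -> list[tuple[str, str]]:
    """Build the sample in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_package(build_sample_package(Path(tmp)))


if __name__ == "__main__":
    for rel, finding in scan_sample():
        print(f"{finding:34} {rel}")
```

Point `scan_package` at the directory left by `pip download --no-deps --no-binary :all: <name>` followed by `tar xf`, and read the findings as prompts for manual review rather than verdicts: a setup.py that shells out to PowerShell or a test module that exec()s decoded bytes has no business in a library, but `.desktop` strings also appear in legitimate desktop tooling.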

The final payloads of these attacks vary, ranging from custom backdoors allowing extensive system control to clipboard monitors that target cryptocurrency wallets. In some cases, the payload includes a variant of the W4SP Stealer, a tool known for stealing sensitive information.

ESET's products can detect these malicious Python packages, categorizing them as variants of Python/Agent and Python/TrojanDownloader, and the backdoor as Python/Agent.AOY or Linux/Spy.Agent.BB.

Most of these malicious packages have already been removed from PyPI, thanks to ESET's proactive communication with the platform. All known malicious packages are now offline, with a complete list available on ESET's GitHub repository. It's important to note that the presence of malware in PyPI's project repository does not indicate a security flaw with PyPI itself, as the platform conforms to widely accepted best practices.

This incident serves as a reminder to Python developers of the ongoing risk of cyberattacks via software repositories like PyPI. Developers are advised to exercise caution and thoroughly vet code from public repositories, looking in particular for the techniques used in these attacks, to protect their systems from such threats.
