As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.

“Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks,” JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said Thursday.

PyPI, short for Python Package Index, is the official third-party software repository for Python, with package manager utilities like pip relying on it as the default source for packages and their dependencies.

The Python packages in question, which were found to be obfuscated using Base64 encoding, are listed below –

  • pytagora (uploaded by leonora123)
  • pytagora2 (uploaded by leonora123)
  • noblesse (uploaded by xin1111)
  • genesisbot (uploaded by xin1111)
  • are (uploaded by xin1111)
  • suffer (uploaded by suffer)
  • noblesse2 (uploaded by suffer)
  • noblessev2 (uploaded by suffer)

The aforementioned packages could be abused to become an entry point for more sophisticated threats, enabling the attacker to execute remote code on the target machine, amass system information, plunder credit card information and passwords auto-saved in Chrome and Edge browsers, and even steal Discord authentication tokens to impersonate the victim.

PyPI is hardly alone among software package repositories that have emerged as a potential attack surface for intruders, with malicious packages uncovered in npm and RubyGems equipped with capabilities that could potentially disrupt a whole system or serve as a valuable jumping-off point for burrowing deeper into a victim’s network.

Last month, Sonatype and Vdoo disclosed typosquatted packages in PyPi that were found to download and execute a payload shell script that, in turn, retrieved a third-party cryptominer such as T-Rex, ubqminer, or PhoenixMiner for mining Ethereum and Ubiq on victim systems.

“The continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread supply chain attacks,” said JFrog CTO Asaf Karas. “The ability for attackers to use simple obfuscation techniques to introduce malware means developers have to be concerned and vigilant. This is a systemic threat, and it needs to be actively addressed on several layers, both by the maintainers of software repositories and by the developers.”

“On the developers’ side, preventive measures such as verification of library signatures, and employing automated application security tools that scan for hints of suspicious code included in the project, should be an integral part of any CI/CD pipeline. Automated tools such as these can alert when malicious code paradigms are being used,” Karas added.