Table of Contents
  • Home
  • /
  • Blog
  • /
  • 8 Malicious Python Libraries Found On PyPI – Remove Them As Soon As Possible
July 30, 2021
|
3m

8 Malicious Python Libraries Found On PyPI – Remove Them As Soon As Possible


8 Malicious Python Libraries Found On Pypi

Researchers identified eight malicious Python libraries on PyPI web portal. According to the report, these packages were downloaded more than 30000 times. However, all the packages were removed from the portal after finding them containing malicious code for stealing credit cards and injecting code. Let’s see more about these malicious Python Libraries.

We have been told several times, supply chain attacks are dramatically increasing these days. Because supply chain attacks are hard to identify and easy to compromise, this is quite obvious. People trust the vendor sites to download the packages and install them on their resources, assuming they are secure. To the sad, sometimes attackers succeed in hosting infected packages on the Vendor sites to launch the attack on the customers. This development in the cyber world made people no surprise even if their network gets infected from a genuine source.

What Is PyPI?

PyPI is the official third-party package repository for Python on which millions of Python packages are available for download. It is also called Python Package Index.

List Of Malicious Python Libraries Found On PyPI:

Lint of Malicious Python Libraries are listed below:

Package nameMaintainerPayload
noblessexin1111Discord token stealer, Credit card stealer (Windows-based)
genesisbotxin1111Same as noblesse
arexin1111Same as noblesse
suffersufferSame as noblesse , obfuscated by PyArmor
noblesse2sufferSame as noblesse
noblessev2sufferSame as noblesse
pytagoraleonora123Remote code injection
pytagora2leonora123Same as pytagora

What Is The Impact Of These Malicious Python Libraries?

The research found that these packages were found communicating with other malicious codes for plunder credit cards information, download other malware programs on the victim machine, steal passwords stored on the web browsers. Remote code executions, amass system information, steal discord authentication tokens to impersonate victims, injecting code, and maybe more. 

What Should You Do If You Have Downloaded Any Of These Malicious Python Libraries?

Supply chain attacks are almost impossible to prevent and difficult to detect. However, we have to learn how to be safeguard from such attacks. We suggest a few things, which could help you stop these attacks and few action items to minimize the damage if you have downloaded any packages.

Precautions:

  1. Set up an identical pre-production environment and run the security test on the newly-downloaded software or packages.

  2. Always keep the backup up to date to restore if in case of breakdown.

Action items if you found infected:

  1. Isolate the infected machine.

  2. Remove the malicious Python packages from the machine.

  3. Check the saved password in the browsers and change these compromised passwords in each respective website. Go here to see the saved passwords in edge browser: edge://settings/passwords

  4. Check the saved card information on the browser. Cancel the card if saved. Go here to see the saved cards in Chrome: chrome://settings/payments

  5. Run the full scan with antimalware solutions.

  6. Restore the system if you have taken the backup.

Thanks for reading this post. Please share this post and help to secure the digital world.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe