Popular Python Code Repository Carrying Malicious Packages

Malicious packages that target cryptocurrency users have been disclosed on the PyPI repository

What is PyPI?
The official Python Package Index (PyPI) is the repository of software for the Python programming language. It is the standard place for finding and sharing Python packages and an essential tool for any Python developer. Anyone with an account can upload a package to PyPI to make it available to other developers, and uploads are not reviewed before publication, so the index itself does not vouch for a package's safety.

Malicious Packages: Disclosed Since November 2022

In November 2022 it was disclosed that 451 unique malicious packages had been uploaded to PyPI. In January 2023 alone, a further 691 malicious packages were identified in the npm registry and 49 in PyPI.

The disclosed packages attempt to infect developer systems with clipper malware. A clipper watches the system clipboard and, whenever the copied text looks like a cryptocurrency wallet address, silently replaces it with an address the attacker controls; it needs no phishing lure or malicious document, only for the victim to install the package.

The aim of the attack is to hijack cryptocurrency transactions initiated by the compromised developer: when the victim copies a recipient's wallet address to paste into a wallet or exchange, the malware swaps in the attacker's address and the funds are sent to a wallet the attackers control.
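The behaviour described above leaves recognisable traces in a package's source: clipboard access, hard-coded wallet-address literals and a polling loop. The following scanner is an added example (not code from the original post or from the disclosed packages) that flags those indicators in Python source; the indicator lists and both sample sources are constructed here for illustration and are assumptions, not a curated rule set.

```python
import re

# Clipboard APIs commonly used from Python (constructed indicator list, not exhaustive).
CLIPBOARD_APIS = (
    "pyperclip", "win32clipboard", "clipboard_get", "clipboard_clear",
    "clipboard_append", "xclip", "xsel", "pbpaste", "pbcopy",
)

# Shapes of common wallet addresses: legacy Bitcoin (base58), bech32 Bitcoin, Ethereum (hex).
WALLET_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,59}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}


def scan_for_clipper_indicators(source: str) -> dict:
    """Return clipper indicators found in a Python source string.

    Verdict logic (an assumption of this example): clipboard access combined with a
    hard-coded wallet-address literal is the strongest signal; either alone, or a
    tight polling loop, is only 'suspicious'.
    """
    found_apis = sorted(api for api in CLIPBOARD_APIS if api in source)
    literals = {}
    for name, pattern in WALLET_PATTERNS.items():
        hits = pattern.findall(source)
        if hits:
            literals[name] = hits
    polling = bool(re.search(r"while\s+True\s*:", source)) and "sleep(" in source

    if found_apis and literals:
        verdict = "likely-clipper"
    elif found_apis or literals or polling:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "clipboard_apis": found_apis,
        "wallet_literals": literals,
        "polling_loop": polling,
        "verdict": verdict,
    }


# Constructed sample inputs. The addresses are synthetic and belong to nobody.
SAMPLE_BTC = "1" + "A" * 33
SAMPLE_ETH = "0x" + "ab" * 20

CLIPPER_SAMPLE = f'''
import time, pyperclip

ATTACKER_BTC = "{SAMPLE_BTC}"
ATTACKER_ETH = "{SAMPLE_ETH}"
while True:
    clip = pyperclip.paste()
    if clip.startswith(("1", "3")) and clip != ATTACKER_BTC:
        pyperclip.copy(ATTACKER_BTC)
    time.sleep(0.5)
'''

BENIGN_SAMPLE = '''
import requests

def fetch(url):
    return requests.get(url, timeout=5).text
'''

if __name__ == "__main__":
    for label, src in (("clipper-like", CLIPPER_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, scan_for_clipper_indicators(src))
```

Run it over the files of a freshly downloaded package (for example the output of `pip download --no-deps`) before installing; a hit is a reason to read the code by hand, not proof of malice, since legitimate wallet tooling also contains address patterns.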

What can I do if I installed one of these malicious packages?

It is vital to know what code you are running and where it comes from. Third-party dependencies are often unavoidable, so if a package from a repository turns out to be malicious, remove it from every environment, image and lock file that references it and replace it with the legitimate package it imitated. Treat the machine it ran on as compromised: rotate any credentials and tokens stored there, review recent cryptocurrency transactions for substituted recipient addresses, and check for any persistence the package may have installed. Going forward, pin exact versions and hashes (pip enforces them with `pip install --require-hashes -r requirements.txt`) and check package names carefully, since campaigns like this commonly rely on typosquatting the names of popular packages.
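The checks above can be automated over a requirements file. The audit below is an added example (not code from the original post): it normalises package names the way PyPI does, flags exact matches against a blocklist, flags names within a small edit distance of popular packages as possible typosquats, and reports unpinned entries. The blocklist, the popular-package list, the package names in the sample requirements and the distance threshold of 2 are all constructed assumptions for this example.

```python
import re


def normalize(name: str) -> str:
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_requirements(text: str, blocklist: set, popular: set, max_distance: int = 2) -> list:
    """Return a list of findings, each {'package', 'issue', 'detail'}."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if not m:
            continue  # blank line, comment or an option such as --index-url
        name = normalize(m.group(1))

        if name in blocklist:
            findings.append({"package": name, "issue": "blocklisted",
                             "detail": "known malicious package name"})

        # A name very close to, but not equal to, a popular package is a typosquat candidate.
        if name not in popular:
            close = [(edit_distance(name, p), p) for p in popular]
            dist, nearest = min(close)
            if 0 < dist <= max_distance:
                findings.append({"package": name, "issue": "possible-typosquat",
                                 "detail": f"{dist} edit(s) from {nearest}"})

        if "==" not in line:
            findings.append({"package": name, "issue": "unpinned",
                             "detail": "no exact version; use == and --hash"})
    return findings


# Constructed sample data; the blocklisted name is invented for this example.
POPULAR = {"requests", "colorama", "numpy", "urllib3", "cryptography"}
BLOCKLIST = {"evil-clipper-pkg"}
SAMPLE_REQUIREMENTS = """
# constructed requirements.txt
requests==2.31.0
reqeusts==2.31.0
colourama
evil-clipper-pkg==0.1
"""

if __name__ == "__main__":
    for f in audit_requirements(SAMPLE_REQUIREMENTS, BLOCKLIST, POPULAR):
        print(f"{f['package']:20} {f['issue']:20} {f['detail']}")
```

A real deployment would load the popular-package list from the top downloads on PyPI and the blocklist from an advisory feed; the edit-distance threshold trades false positives against missed squats, and every hit still needs a human to confirm which package was actually intended.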

As always, if you have any reason to believe your organization has used malicious software, or would like to ensure your software is free of security exploits, please do not hesitate to contact our incident response team.