8 Malicious Python Libraries Found On PyPI – Remove Them As Soon As Possible

Researchers identified eight malicious Python libraries on the PyPI web portal. According to the report, these packages were downloaded more than 30000 times. All of the packages were removed from the portal after they were found to contain malicious code for stealing credit cards and injecting code. Let's look at these malicious Python libraries in more detail.

We have been told several times that supply chain attacks are dramatically increasing these days. This is hardly surprising, because supply chain attacks are hard to identify and an easy route to compromise. People trust vendor sites, download packages from them and install them on their resources, assuming they are secure. Sadly, attackers sometimes succeed in hosting infected packages on vendor sites to launch attacks on the customers. As a result, it no longer surprises people when their network gets infected from a genuine source.

What Is PyPI?

PyPI is the official third-party package repository for Python, on which millions of Python packages are available for download. It is also called the Python Package Index.

List Of Malicious Python Libraries Found On PyPI:

The malicious Python libraries are listed below:

| Package name | Maintainer | Payload |
|---|---|---|
| noblesse | xin1111 | Discord token stealer, Credit card stealer (Windows-based) |
| genesisbot | xin1111 | Same as noblesse |
| are | xin1111 | Same as noblesse |
| suffer | suffer | Same as noblesse, obfuscated by PyArmor |
| noblesse2 | suffer | Same as noblesse |
| noblessev2 | suffer | Same as noblesse |
| pytagora | leonora123 | Remote code injection |
| pytagora2 | leonora123 | Same as pytagora |

What Is The Impact Of These Malicious Python Libraries?

The research found that these packages communicate with other malicious code to plunder credit card information, download other malware programs onto the victim machine, steal passwords stored in web browsers, execute code remotely, amass system information, steal Discord authentication tokens to impersonate victims, inject code, and maybe more.

What Should You Do If You Have Downloaded Any Of These Malicious Python Libraries?

Supply chain attacks are almost impossible to prevent and difficult to detect. However, we have to learn how to safeguard ourselves from such attacks. We suggest a few precautions that could help you stop these attacks, and a few action items to minimize the damage if you have downloaded any of these packages.

Precautions:

  1. Set up an identical pre-production environment and run security tests on newly downloaded software or packages.
  2. Always keep your backup up to date so that you can restore in case of a breakdown.

Action items if you find an infection:

  1. Isolate the infected machine.
  2. Remove the malicious Python packages from the machine.
  3. Check the saved passwords in the browsers and change the compromised passwords on each respective website. Go here to see the saved passwords in the Edge browser: edge://settings/passwords
  4. Check the saved card information in the browser. Cancel the card if it was saved. Go here to see the saved cards in Chrome: chrome://settings/payments
  5. Run the full scan with antimalware solutions.
  6. Restore the system if you have taken a backup.
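
For step 2, you first need to know whether any of the listed packages are present. The following is an added example, not code from the researchers' report or from PyPI: it checks the current Python environment and a requirements file against the eight names in the table above. The function names and the sample requirements text are constructed for illustration.

```python
import re
from importlib import metadata

# Package names exactly as listed in the table on this page.
FLAGGED = {"noblesse", "genesisbot", "are", "suffer",
           "noblesse2", "noblessev2", "pytagora", "pytagora2"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flagged_in_requirements(text):
    """Return flagged names found in requirements.txt-style text."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):     # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and normalize(m.group(0)) in FLAGGED:
            hits.append(normalize(m.group(0)))
    return hits

def flagged_installed(dists=None):
    """Return (name, version, location) for flagged installed distributions."""
    found = []
    for dist in (metadata.distributions() if dists is None else dists):
        name = dist.metadata.get("Name")
        if name and normalize(name) in FLAGGED:
            found.append((name, dist.version, str(dist.locate_file(""))))
    return sorted(found)

if __name__ == "__main__":
    # Constructed sample input; replace with the contents of your own file.
    sample = "requests==2.31.0\nNoblesse2==0.0.3\npytagora>=1.0\n"
    print("requirements hits:", flagged_in_requirements(sample))
    for name, version, where in flagged_installed():
        print(f"INSTALLED: {name} {version} in {where}")
        print(f"  remove with: python -m pip uninstall {name}")
```

Run it with each interpreter and virtual environment on the machine, since every environment has its own set of installed packages.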

Thanks for reading this post. Please share this post and help to secure the digital world.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
