Malware Downloaded From PyPI 41,000 Times Was Surprisingly Stealthy

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

reader comments

46 with 35 posters participating

Share this story

PyPI—the open source repository that both large and small organizations use to download code libraries—was hosting 11 malicious packages that were downloaded more than 41,000 times in one of the latest reported such incidents threatening the software supply chain.

JFrog, a security firm that monitors PyPI and other repositories for malware, said the packages are notable for the lengths its developers took to camouflage their malicious code from network detection. Those lengths include a novel mechanism that uses what’s known as a reverse shell to proxy communications with control servers through the Fastly content distribution network. Another technique is DNS tunneling, something that JFrog said it had never seen before in malicious software uploaded to PyPI.

A powerful vector

“Package managers are a growing and powerful vector for the unintentional installation of malicious code, and as we discovered with

Read the article