Several Malicious Typosquatted Python Libraries Found On PyPI Repository (Security News, July 2021)
As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.
PyPI, short for Python Package Index, is the official third-party software repository for Python, with package manager utilities like pip relying on it as the default source for packages and their dependencies.
The Python packages in question, whose malicious code was hidden behind Base64 encoding, are listed below.
PyPI is hardly alone among software package repositories that have emerged as a potential attack surface for intruders, with malicious packages uncovered in npm and RubyGems equipped with capabilities that could potentially disrupt a whole system or serve as a valuable jumping-off point for burrowing deeper into a victim's network.
Last month, Sonatype and Vdoo disclosed typosquatted packages in PyPI that were found to download and execute a payload shell script that, in turn, retrieved a third-party cryptominer such as T-Rex, ubqminer, or PhoenixMiner for mining Ethereum and Ubiq on victim systems.
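The two behaviours this article describes, a package name that imitates a popular one and malicious code hidden behind Base64 encoding, can both be checked before `pip install` runs a package's `setup.py`. The script below is an added example, not code from the article or from JFrog, Sonatype or Vdoo: it normalises names the way PyPI does (PEP 503) and looks for near-matches against an allow-list of well-known packages, and it walks the AST of a setup script looking for `exec()`/`eval()` calls whose argument comes from a base64 decoder. The popular-package list, the `SAMPLE_SETUP_PY` text and the package name `reqeusts` are constructed for the example.

```python
"""Pre-install checks for a Python package fetched from PyPI (example code).

Heuristic 1: does the requested name nearly match a well-known package?
Heuristic 2: does setup.py feed base64-decoded data into exec()/eval()?
"""
import ast
import base64
import difflib

# Hypothetical allow-list of names a squatter might imitate. Constructed for
# this example; in practice use your organisation's own dependency inventory.
POPULAR_PACKAGES = {"requests", "numpy", "urllib3", "setuptools", "pandas", "cryptography"}

# Decoder functions from the base64 module that we treat as suspicious when
# their output flows straight into exec()/eval().
DECODERS = {"b64decode", "urlsafe_b64decode"}


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, '-', '_' and '.' are interchangeable."""
    return name.lower().replace("-", "_").replace(".", "_")


def typosquat_candidates(name: str, popular=POPULAR_PACKAGES, cutoff: float = 0.8) -> list:
    """Popular names that `name` nearly (but not exactly) matches, best first.

    An exact normalised match is the legitimate package and yields [];
    a near miss such as 'reqeusts' is reported for a human to look at.
    """
    norm = normalize(name)
    pool = sorted({normalize(p) for p in popular})
    if norm in pool:
        return []
    return difflib.get_close_matches(norm, pool, n=3, cutoff=cutoff)


def _is_decoder_call(node: ast.AST) -> bool:
    """True for base64.b64decode(...) or a bare b64decode(...) after `from base64 import ...`."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    if isinstance(func, ast.Attribute):
        return func.attr in DECODERS
    return isinstance(func, ast.Name) and func.id in DECODERS


def _decode_preview(call: ast.Call) -> str:
    """Decode a literal base64 argument so the report shows what would run.

    Non-literal payloads (built at runtime) give '' but are still reported.
    """
    if not call.args or not isinstance(call.args[0], ast.Constant):
        return ""
    raw = call.args[0].value
    if isinstance(raw, str):
        raw = raw.encode()
    if not isinstance(raw, bytes):
        return ""
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", "replace")[:80]
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def find_obfuscated_exec(source: str) -> list:
    """Return (line, preview) for each exec()/eval() whose argument tree contains a decoder call."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in {"exec", "eval"}):
            continue
        for inner in ast.walk(node):
            if inner is not node and _is_decoder_call(inner):
                findings.append((node.lineno, _decode_preview(inner)))
                break
    return findings


def check_package(name: str, setup_source: str) -> dict:
    """Combined report a pip wrapper could produce before installing `name`."""
    return {
        "name": name,
        "looks_like": typosquat_candidates(name),
        "obfuscated_exec": find_obfuscated_exec(setup_source),
    }


# Constructed sample in the shape the article describes; not a real package.
SAMPLE_SETUP_PY = """\
from setuptools import setup
import base64

setup(name="reqeusts", version="0.0.1")
exec(base64.b64decode("cHJpbnQoJ2hlbGxvJyk="))
"""

if __name__ == "__main__":
    # Prints the name it resembles and the decoded exec() payload on line 5.
    print(check_package("reqeusts", SAMPLE_SETUP_PY))
```

The AST walk deliberately matches any exec()/eval() whose argument subtree contains a decoder call, so `exec(base64.b64decode(x).decode())` and `exec(b64decode(payload))` are caught as well as the literal form; a payload assembled at runtime is still flagged, just without a decoded preview. The name check is only a prompt for review: legitimate packages with similar names exist, so the result should be confirmed against the project's own dependency list rather than used to block installs automatically.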
"The continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread supply chain attacks," said JFrog CTO Asaf Karas.