Security News > 2022 > May > Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Malicious PyPI package opens backdoors on Windows, Linux, and Macs
2022-05-21 15:16

Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.

On May 17, 2022, threat actors uploaded a malicious package named 'pymafka' onto PyPI. The name is very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads on the PyPI registry.

Developers who downloaded it will have to replace it immediately and check their systems for Cobalt Strike beacons and Linux backdoors.

From the software developer's perspective, several things are done wrong when someone uses an untrustworthy package, but the most common and admittedly easy to happen is mistyping package names during building.

In this case, the package attempts to masquerade as a renowned project, yet it has no description on the PyPI page, no homepage link, an extremely short release history, and an inexplicably recent release date.


News URL

https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2602 1595 67 4328
Pypi 15 0 0 1 15 16