Security News > 2022 > May > Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.
PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.
On May 17, 2022, threat actors uploaded a malicious package named 'pymafka' onto PyPI. The name is very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads on the PyPI registry.
Developers who downloaded it will have to replace it immediately and check their systems for Cobalt Strike beacons and Linux backdoors.
From the software developer's perspective, several things are done wrong when someone uses an untrustworthy package, but the most common and admittedly easy to happen is mistyping package names during building.
In this case, the package attempts to masquerade as a renowned project, yet it has no description on the PyPI page, no homepage link, an extremely short release history, and an inexplicably recent release date.
News URL
Related news
- FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites (source)
- Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems (source)
- Microsoft fixes Linux boot issues on dual-boot Windows systems (source)
- Windows 11 and Red Hat Linux hacked on first day of Pwn2Own (source)
- Microsoft open-sources Windows Subsystem for Linux at Build 2025 (source)
- The Windows Subsystem for Linux goes open source (source)