10 Python Libraries That Steal Credentials Have Been Found on PyPI

Ten malicious Python Libraries that packages were being used to infect developers’ computers with malware that steals passwords have been found by threat researchers on the PyPI repository. Typosquatting was utilized by the bogus packages to pass for well-known software projects and entice PyPI users into downloading them.

Millions of registered users can quickly incorporate over 350,000 open-source software packages from PyPI (Python Package Index) into their Python packages projects and create sophisticated products with little effort.

Python libraries used in the Pypi package were used to steal credentials:

  • Ascii2text:

Ascii2text mimics “art,” a well-known ASCII Art Python Libraries, using the same description but omitting the release information. Through a Discord webhook, the code          retrieves a malicious script that looks for local passwords and exfiltrates them.

  • Pymocks, PyProto2, and Pyg-utils:

All three of the malware target AWS credentials and resemble another group of packages that Sonatype found in June. The first even connects to “pygrata.com,” whilst           “pymocks.com” is the goal of the other two.   

  • Test-async:

The unspecific package that downloads malicious code from a remote source and alerts a Discord channel to the presence of fresh infection.

  • Free-net-VPN as well as Free-net-VPN2:

Harvester of user credentials posted to a website that has a dynamic DNS mapping service.

  • Zlibsrc:

This package is Python Libraries, which imitates the zlib project, and includes a script that downloads and executes a malicious file from a third-party source.

  • Browserdiv:

A package aimed toward web design programmers’ credentials is called Browserdiv. uses Discord webhooks to smuggle info.  

  • WINRPCexploit:

A credential-stealing toolkit called WINRPCexploit claims to automate the exploitation of the Windows RPC vulnerability.environment variables, which frequently       include credentials, to a remote website under the attacker’s control when it is executed.

Although CheckPoint notified the Python Libraries detected packages and PyPI removed them, software developers who downloaded them on their workstations may still be in danger.

The developer’s machine may only be the starting point of a widespread infection, therefore code should be examined for malicious code. In many cases, the malicious packages set the groundwork for potential supply chain attacks.

that users are responsible for carefully examining names, release histories, submission data, homepage links, and download counts and that no package in PyPI and Python Libraries offers security guarantees.

In Conclusion, The revelation represents the most recent instance of threat actors publishing malicious software on widely used software repositories like PyPI and list python Libraries to disrupt the software supply chain, adding to a series of recent incidents that is quickly growing.

Read more about The Top 7 Tools for NFT Design and Creation

Stay Connected!!

Are you looking for Python developer?

Book your FREE call with our technical consultant now.
Let's Build Your App

Book your FREE call with our technical consultant now.

Let's Schedule A Meeting

Totally enjoyed working with Karan and his team on this project. They brought my project to life from just an idea. Already working with them on a second app development project.

They come highly recommended by me.

Owner, Digital Babies

This is the best job I’ve hired Aelius Venture for. The team does quality work and highly recommends them and their capable team.

Owner, Digital Babies

We appreciate the help from Aelius Venture’s team with regards to our React Native project.

Oh D
Owner, Startup