Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware.
Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was initially disclosed in November 2022.
The initial vector entails using typosquatting to mimic popular packages such as beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow, among others.
“After installation, a malicious JavaScript file is dropped to the system and executed in the background of any web browsing session,” Phylum said in a report published last year. “When a developer copies a cryptocurrency address, the address is replaced in the clipboard with the attacker’s address.”
This is achieved by creating a Chromium web browser extension in the Windows AppData folder and writing to it the rogue Javascript and a manifest.json file that requests users’ permissions to access and modify the clipboard.
Targeted web browsers include Google Chrome, Microsoft Edge, Brave, and Opera, with the malware modifying browser shortcuts to load the add-on automatically upon launch using the “–load-extension” command line switch.
The latest set of Python packages exhibits a similar, if not the same, modus operandi, and is designed to function as a clipboard-based crypto wallet replacing malware. What’s changed is the obfuscation technique used to conceal the JavaScript code.
The ultimate goal of the attacks is to hijack cryptocurrency transactions initiated by the compromised developer and reroute them to attacker-controlled wallets instead of the intended recipient.
“This attacker significantly increased their footprint in PyPI through automation,” Phylum noted. “Flooding the ecosystem with packages like this will continue.”
The findings coincide with a report from Sonatype, which found 691 malicious packages in the npm registry and 49 malicious packages in PyPI during the month of January 2023 alone.
The development once again illustrates the growing threat developers face from supply chain attacks, with adversaries relying on methods like typosquatting to trick users into downloading fraudulent packages.
