- A threat actor using the username “Lolip0p” has uploaded 3 legitimate-looking malicious software files to PyPI, which currently has over 550 downloads.
- The files have legitimate names and descriptions, which makes people believe that they come from legitimate sources.
- Since Python Package Index relies on users to identify and report problems, security vulnerabilities like these can be caught too late.
PyPI (Python Package Index) is a repository of software packages written in the Python programming language. It is the official package repository for Python and contains over 200,000 packages that can be used to extend the functionality of Python applications. Three malicious packages that are intended to install malware on developer systems have been uploaded to the Python Package Index (PyPI) repository by a threat actor going by the handle “Lolip0p”.
Looks identical to legitimate software
Since PyPI relies on user reports to identify and remove malicious files, it is not as efficient to quickly spot and get rid of malicious software that might be among them. That is why the files were already downloaded more than 550 times by the time the malicious software was found and removed.
The threat actor uploaded three packages that had legitimate name descriptions, unlike most malicious software that gets uploaded to PyPI, to make it easier for developers to believe it is legitimate software. Fortinet goes into depth about how the software affects a user’s computer after it successfully gets launched.
Before downloading and running any packages, especially those from new authors, Python end users should always take their time to make sure the files are legitimate.