Threat Research

FortiGuard AI Detects Malicious Packages Hidden in the Python Package Index | FortiGuard Labs

Securonix

FortiGuard Labs detected malicious PyPI packages in early July and leveraged an AI-powered OSS threats-hunting system to identify threats in near real-time. The campaigns reuse multiple PyPI IDs across two package sets, include encrypted payloads that execute on install, and exfiltrate data via a Discord webhook. #JosefM #killskids

Keypoints

  • FortiGuard Labs warns about malicious PyPI packages being published to distribute malware through the Python Package Index (PyPI).
  • The campaigns show two sets of packages authored by different actors: “Josef M” and “killskids”.
  • First set packages included __init__.py with a long string of encrypted code that decrypts and runs a stealer payload via a Discord webhook.
  • Second set packages include setup.py designed to download and potentially execute a malicious payload during installation.
  • The authors reuse similar code across multiple PyPI IDs to maximize distribution and persistence; Fortinet’s AI engine enables near real-time detection.
  • Fortinet protections include FortiGuard Antivirus detections (Python/Agent.TENR!tr, Python/Agent.SDIK!tr), Web Filtering blocking malicious download URLs, and FortiDevSec SCA preventing malicious dependencies.
  • IOCs include specific file names and associated hashes, plus several malicious URLs used to fetch payloads.

MITRE Techniques

  • [T1195] Software Supply Chain – Threat actors publish malicious PyPI packages to distribute malware through the OSS ecosystem. “Python Package Index (PyPI) packages have become a common way for threat actors to post malware that unsuspecting victims may download.”
  • [T1059.006] Python – The package’s __init__.py contains a long string of encrypted code that will be run. “The first thing we notice in its __init__.py is a long string of encrypted code that will be run.”
  • [T1105] Ingress Tool Transfer – The setup.py inside the packages attempts to download and run a potentially malicious executable during installation. “The setup.py in these packages tries to use cmdclass commands that may run when installing the package, as shown below.”
  • [T1567.002] Exfiltration to Web Service – The malware uses a Discord webhook to exfiltrate data (e.g., credit cards, wallets, account logins). “Using a Discord webhook, it tries to steal information, such as credit cards, wallets, account logins, etc.”

Indicators of Compromise

  • [File Hash] Associated with malicious __init__.py files – 475e15da18cd785eb079981585a6519b, 188a8e8f9afb0423276cbe92f8846c47
  • [File Name] Malicious PyPI package components – pycolouringsextV1-1.1.0 __init__.py, sysfontstoolV1-1.1.0 __init__.py
  • [Malicious URLs] Delivery/execution URLs – hxxps://github[.]com/killskids/test/raw/main/calc[.]exe, hxxps://github[.]com/killskids/test/raw/main/auth-server[.]exe

Read more: https://www.fortinet.com/blog/threat-research/continued-oss-supply-chain-attacks-hidden-in-pypi

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint