Malicious Python Package Typosquats Popular passlib Library, Shuts Down Windows Systems

Keypoints

• The psslib package pretends to be a security library but executes immediate shutdown commands on Windows systems when incorrect passwords are entered.
• It typosquats the widely-used passlib library, exploiting developer trust and targeting Python developers using authentication tools.
• psslib contains multiple functions to forcibly shut down or restart Windows systems without authentication or warning.
• The malicious commands only affect Windows systems, as Linux/macOS platforms do not support the Windows-specific shutdown syntax.
• This attack demonstrates supply chain risks with destructive payloads disguised as useful security software.
• Future threats may evolve to target other platforms, use more sophisticated triggers, and blend legitimate functionality with destructive behavior.
• Socket’s security tools can help detect such malicious packages in real time through pull request analysis, CLI alerts, and browser extensions.