Eight Malicious Python Libraries Discovered on PyPI Repository


1st August 2021, Kathmandu

The Python Package Index (PyPI) has removed eight Python packages that had been downloaded more than 30,000 times because they contained malicious code, once again highlighting how software package repositories have become a popular target for supply chain attacks.

On Thursday, JFrog analysts Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said that even amateur hackers use public software repositories as a platform to spread malware, whether through typosquatting, dependency confusion, or plain social engineering, owing to the lack of moderation and automated security controls in public software repositories.

The Python Package Index (PyPI) is the official third-party software repository for Python; package manager utilities such as pip use it as the default source for packages and their dependencies.

The eight Python packages, whose code was obfuscated using Base64 encoding, are listed below:

  • pytagora (uploaded by leonora123)
  • pytagora2 (uploaded by leonora123)
  • noblesse (uploaded by xin1111)
  • genesisbot (uploaded by xin1111)
  • are (uploaded by xin1111)
  • suffer (uploaded by suffer)
  • noblesse2 (uploaded by suffer)
  • noblessev2 (uploaded by suffer)

Once installed, the packages could serve as an entry point for more complex threats, allowing the attacker to execute code remotely on the host machine, collect system information, steal credit card details and passwords auto-saved in the Chrome and Edge browsers, and even exfiltrate Discord authentication tokens in order to impersonate the victim.

PyPI is hardly alone among software package repositories that have emerged as a potential attack vector: malicious packages detected in npm and RubyGems carried capabilities that could wreak havoc on an entire system or serve as a valuable jumping-off point for burrowing deeper into a target's network.

Last month, Sonatype and Vdoo uncovered typosquatted packages in PyPI that, once installed, executed a payload shell script which retrieved a third-party cryptocurrency miner such as PhoenixMiner, ubqminer, or T-Rex to mine Ethereum and Ubiq on the target systems.

According to JFrog CTO Asaf Karas, the continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that could lead to widespread supply chain attacks. He added that the ability of attackers to use simple obfuscation techniques to introduce malware means developers have to be concerned and vigilant. Because it is a systemic threat, it needs to be actively addressed on several layers, both by the maintainers of software repositories and by the developers.

On the developers' side, Karas added, protective measures such as automated application security tools that inspect for signs of suspicious code included in the project, and verification of library signatures, should be an integral part of any CI/CD pipeline. Such automated tools can alert when malicious code paradigms are being used. It is also very important that public repositories improve their security features.
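To make the two points above concrete, here is an added example (not JFrog's tooling and not code from the packages listed earlier) of the kind of automated check a CI pipeline could run against a package's setup.py before installing it: a heuristic static scan for the Base64-obfuscation pattern the article describes, where an encoded blob is decoded at install time and handed to exec(). The article only says the packages were obfuscated with Base64, so the exact form they used is not on this page; the two sample setup.py files below are constructed for this example, and the encoded "payload" is a harmless print statement.

```python
"""Heuristic static scan of a Python install script for Base64-obfuscated execution.

Added example; not JFrog's tooling. Sample setup.py contents are constructed.
Two heuristics are applied to the parsed AST:
  1. exec()/eval()/compile() whose argument comes from a decode/decompress call,
     either directly or through a variable assigned from such a call;
  2. long string literals that decode cleanly as Base64.
"""
import ast
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Iterator, List, Set

# Calls that turn an opaque blob into bytes or code. Attribute calls are matched on
# the last component (base64.b64decode -> "b64decode"), so aliased imports still hit.
DECODERS: Set[str] = {
    "b64decode", "standard_b64decode", "urlsafe_b64decode", "b32decode",
    "b85decode", "a85decode", "decompress", "loads",  # zlib.decompress, marshal.loads
}
EXECUTORS: Set[str] = {"exec", "eval", "compile"}
# 40+ Base64-alphabet characters plus optional padding; short tokens are ignored.
B64_LITERAL = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def _calls(node: ast.AST) -> Iterator[ast.Call]:
    """Yield every Call node inside `node`, including `node` itself."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.Call):
            yield sub


def _callee(call: ast.Call) -> str:
    """Bare name of the called function, or "" if the callee is not a simple name."""
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    if isinstance(call.func, ast.Name):
        return call.func.id
    return ""


def scan_source(source: str) -> List[Finding]:
    """Parse `source` and return findings for both heuristics."""
    tree = ast.parse(source)
    findings: List[Finding] = []

    # Names assigned directly from a decoder call are treated as tainted.
    tainted: Set[str] = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Call):
            if _callee(node.value) in DECODERS:
                tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))

    # An executor fed by a decoder call (possibly nested) or by a tainted name.
    for call in _calls(tree):
        name = _callee(call)
        if name not in EXECUTORS:
            continue
        for arg in call.args:
            direct = any(_callee(c) in DECODERS for c in _calls(arg))
            via_var = isinstance(arg, ast.Name) and arg.id in tainted
            if direct or via_var:
                findings.append(Finding(call.lineno, "decode-and-exec",
                                        f"{name}() runs decoded data"))

    # Long literals that strictly decode as Base64 (alphabet and padding checked).
    for node in ast.walk(tree):
        if (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and B64_LITERAL.match(node.value)):
            try:
                base64.b64decode(node.value, validate=True)
            except binascii.Error:
                continue
            findings.append(Finding(node.lineno, "base64-literal",
                                    f"{len(node.value)}-char Base64 string"))
    return findings


# Constructed samples. The encoded "payload" is a harmless print; in the real
# packages the decoded blob was the malicious stager.
_PAYLOAD_B64 = base64.b64encode(
    b"print('constructed payload executed at install time')").decode()

MALICIOUS_SETUP = f'''
from setuptools import setup
import base64
_blob = "{_PAYLOAD_B64}"
_code = base64.b64decode(_blob)
exec(_code)
setup(name="example-pkg", version="0.0.1")
'''

BENIGN_SETUP = '''
from setuptools import setup
setup(name="example-pkg", version="0.0.1",
      description="A harmless package used as the negative sample")
'''

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        print(label, [(f.line, f.kind, f.detail) for f in scan_source(src)])
```

Running the script flags the constructed setup.py on two counts (the exec() of decoded data on line 6 and the 72-character Base64 literal on line 4) and reports nothing for the benign file. A hit is a trigger for manual review rather than proof of malice, since legitimate packages occasionally embed Base64 data, but decode-then-exec in an install script is almost never benign and is cheap to block in CI.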
