Earlier this year, I wrote briefly about new functionality added to PyPI, the ability to quarantine projects. This feature allows PyPI administrators to mark a project as potentially harmful, and prevent it from being easily installed by users to prevent further harm.
In this post I'll discuss the implementation, and further improvements to come.
On 2024-11-21, PyPI was notified about a malware attack with few details. Upon further investigation, we found that the maintainer was injecting obfuscated code that will exfiltrate credentials to a specific Telegram bot. The credentials include tokens, API servers, and other Crypto Pay-related data, and it is unknown to PyPI Security whether these have been used in any manner.
The project has been removed from PyPI.
If you have installed any versions of aiocpa,
audit your usage of the library and consider alternatives.
This may also appear as cryptopay on disk,
as that's the internal name of this particular module --
which is not the same as the PyPI package cryptopay
-- a completely different package.
Hello reader! It's me, Mike, and it's been just over a year since I posted about joining the PSF as the Safety & Security Engineer for the Python Package Index (PyPI).
I wanted to take a moment to reflect on the past year, and share some of the things I've been working on.
A package named yocolor was uploaded to PyPI
designed assist with malware distribution to targets.
The package was removed from PyPI, curtailing its potential impact to users.
This incident differs from the usual malware package removals, as it involved a domain name that was used in the attack to host the second stage of the malware distribution.
Checkmarx Security Research Team have published an in-depth blog on the specific behaviors - read their report for how it works.
Since PyPI is only involved with what Checkmarx called "Stage 1" of the attack, I'll focus on the package removal and domain abuse follow up here.
On Sunday, March 31st, 2024, PyPI Admins received emails about unexpected account activity from PyPI users. Users received notifications from PyPI that they had enrolled in two-factor authentication (2FA). These users claimed that they had not done so themselves.
PyPI Admins have not found any evidence of existing package tampering, or any other malicious activity beyond unauthorized account access and modification.
The main actions post-investigation taken were:
Read on for a summary of what happened, how we responded, and what's next.
We are lucky to have an engaged community of security researchers that help us keep the Python Package Index (PyPI) safe.
These folks have been instrumental in helping us identify and remove malicious projects from the Index, and we are grateful for their continued support.
Historically, we have asked reporters to email us to report malware per the PyPI Security Policy.
PyPI now has an improved way to report malware, via PyPI itself.
It's January 1st, 2024, and PyPI now requires Two-factor authentication (2FA) for all users.
This post is a recognition of the hard work that went into making this a reality, and a thank you to all the users who have enabled 2FA on their accounts.
It is also a reminder to those who have not yet enabled 2FA, that you will need to do so before you can perform any management actions, or upload files to PyPI.
Once 2FA is enabled, you may perform management actions, including generating API Tokens or setting up Trusted Publishers (preferred) to upload files.
Starting January 1, 2024, all users must enable 2FA for their PyPI accounts.
PyPI has been on the path of being a fully Two-factor Authenticated service a reality, which began in 2019. Read more about some of the steps taken in recent months:
Starting today, all users must enable 2FA before they can perform any management actions on TestPyPI.
This change is in preparation for the scheduled enforcement of 2FA on PyPI at the end of 2023.
A PyPI user's account was taken over and used to remove the user's ownership of 4 projects. This was not a malfunction of PyPI or using any vulnerability, rather the user's account was not sufficiently protected against account takeover.
The attacker added themselves as a collaborator to these projects, and removed the original owner. None of the projects had any modifications made to them other than ownership changes.