Last week, the Python project “ultralytics” suffered a supply-chain attack through a compromise of the projects’ GitHub Actions workflows and subsequently its PyPI API token. No security flaw in PyPI was used to execute this attack. Versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 were affected and have been removed from PyPI.
On 2024-11-21, PyPI was notified about a malware attack with few details. Upon further investigation, we found that the maintainer was injecting obfuscated code that will exfiltrate credentials to a specific Telegram bot. The credentials include tokens, API servers, and other Crypto Pay-related data, and it is unknown to PyPI Security whether these have been used in any manner.
The project has been removed from PyPI.
If you have installed any versions of aiocpa,
audit your usage of the library and consider alternatives.
This may also appear as cryptopay on disk,
as that's the internal name of this particular module --
which is not the same as the PyPI package cryptopay
-- a completely different package.
PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and installers to verify published attestations.
Many projects have already begun publishing attestations, with more than 20,000 attestations already published.
This finalizes PyPI's support for PEP 740, and follows directly from previous work to add support for Trusted Publishing, as well as the deprecation and removal of PGP signatures.
Hello reader! It's me, Mike, and it's been just over a year since I posted about joining the PSF as the Safety & Security Engineer for the Python Package Index (PyPI).
I wanted to take a moment to reflect on the past year, and share some of the things I've been working on.
On June 28, 2024 security@pypi.org and I (Ee Durbin) were notified of
a leaked GitHub Personal Access Token for my GitHub user account, ewdurbin.
This token was immediately revoked,
and a review of my GitHub account and activity was performed.
No indicators of malicious activity were found.
In response to ongoing mass bot account registrations, Outlook domains
outlook.com and hotmail.com have been prohibited from
new associations with PyPI accounts.
This includes new registrations as well as adding as additional addresses.
Starting today, PyPI package maintainers can publish via Trusted Publishing from three additional providers:
These providers join existing support for publishing from GitHub Actions without long-lived passwords or API tokens, which we announced last year, and bring support for Trusted Publishing to even more hosted providers.
A package named yocolor was uploaded to PyPI
designed assist with malware distribution to targets.
The package was removed from PyPI, curtailing its potential impact to users.
This incident differs from the usual malware package removals, as it involved a domain name that was used in the attack to host the second stage of the malware distribution.
Checkmarx Security Research Team have published an in-depth blog on the specific behaviors - read their report for how it works.
Since PyPI is only involved with what Checkmarx called "Stage 1" of the attack, I'll focus on the package removal and domain abuse follow up here.
On Sunday, March 31st, 2024, PyPI Admins received emails about unexpected account activity from PyPI users. Users received notifications from PyPI that they had enrolled in two-factor authentication (2FA). These users claimed that they had not done so themselves.
PyPI Admins have not found any evidence of existing package tampering, or any other malicious activity beyond unauthorized account access and modification.
The main actions post-investigation taken were:
Read on for a summary of what happened, how we responded, and what's next.
We launched the Python Package Index (PyPI) in 2003 and for most of its history a robust and dedicated volunteer community kept it running. Eventually, we put a bit of PSF staff time into the maintenance of the Index, and last year with support from AWS we hired Mike Fiedler to work full-time on PyPI’s urgent security needs.