Tag: pypi

27 Attack Reports | 0 Vulnerabilities

Attack reports

Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

A sophisticated supply chain attack campaign has expanded to 471 affected artifacts across npm and PyPI, targeting developers through malicious packages. The campaign uses three distinct delivery methods: executable .pth startup hooks, trojanized native .abi3.so extensions that execute at import ti…
typosquatting
credential theft
pypi
supply chain attack
hades
ci/cd compromise
mini shai-hulud
2026-06-08
bioinformatics
bun runtime
miasma
javascript stealer
mcp developers
native extensions
Published: June 8, 2026
Downloadable IOCs: 2

Miasma Worm Campaign Spreads with New PyPI Wave

A coordinated PyPI compromise campaign involving 37 malicious wheel artifacts across 19 packages was detected, utilizing Python startup hooks to execute credential-stealing payloads. The attack leverages .pth files for automatic execution during Python interpreter startup, downloads the Bun JavaScr…
credential theft
pypi
supply chain attack
hades
github exfiltration
mini shai-hulud
2026-06-07
bioinformatics
bun runtime
miasma
startup hooks
Published: June 7, 2026
Downloadable IOCs: 3

Mini Shai-Hulud Hits TanStack npm Packages

The Mini Shai-Hulud campaign compromised 84 npm package artifacts in the TanStack namespace with credential-stealing malware targeting continuous integration systems. On May 11, 2026, attackers published 84 malicious versions across 42 TanStack packages by chaining the pull_request_target pattern, …
credential theft
npm
pypi
supply chain attack
github actions
mini shai-hulud
tanstack
2026-05-21
oidc token
Published: May 21, 2026
Downloadable IOCs: 0

OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI

Between July 2025 and present, threat actors suspected to be OceanLotus distributed malicious wheel packages through PyPI targeting both Windows and Linux platforms. Three fake libraries (uuid32-utils, colorinal, and termncolor) were created to imitate legitimate packages, implementing a sophistica…
dropper
pypi
cross-platform
supply chain attack
python packages
2026-05-06
wheel packages
zichatbot
zulip c2
Published: May 6, 2026
Downloadable IOCs: 9

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and macOS Backdoors

An ongoing campaign has been discovered delivering Linux and macOS backdoors through poisoned Python packages uploaded to PyPI repository. The activity is attributed with medium confidence to Gleaming Pisces, a North Korean financially motivated threat actor affiliated with the Reconnaissance Gener…
pypi
citrine sleet
poolrat
pondrat
applejeus
supply chain attack
badcall
2026-05-04
Published: May 4, 2026
Linked vulnerabilities : CVE-2025-55182 (CVSS 10.0)
Downloadable IOCs: 13

PyPI Package Compromised in Supply Chain Attack

The popular PyPI package lightning experienced a supply chain attack affecting versions 2.6.2 and 2.6.3, published on April 30, 2026. The compromise introduced malicious code that executes automatically upon module import, downloading Bun JavaScript runtime and executing an 11MB obfuscated payload.…
pypi
supply chain attack
shai-hulud
2026-04-30
ci/cd targeting
github poisoning
npm worm
Published: April 30, 2026
Downloadable IOCs: 1

npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Malicious npm packages associated with Namastex.ai were compromised with malware exhibiting tradecraft similar to TeamPCP's CanisterWorm campaign. The attack targeted packages including @automagik/genie and pgserve, implementing install-time execution that harvests credentials, environment variable…
worm
credential theft
npm
pypi
supply chain attack
self-propagating
canisterworm
2026-04-22
icp canister
Published: April 22, 2026
Downloadable IOCs: 7

TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM

TeamPCP launched a sophisticated attack on the Telnyx Python SDK, publishing malicious versions 4.87.1 and 4.87.2 to PyPI. The attack represents an evolution from their previous LiteLLM campaign, incorporating WAV-based steganography, split-file code injection, and expanded platform support. The pa…
persistence
steganography
credential theft
pypi
multi-platform
base64 encoding
supply-chain attack
2026-03-30
wav files
Published: March 30, 2026
Downloadable IOCs: 5

Telnyx Python SDK Compromised to Deliver Credential-Stealing Malware

A supply chain attack affecting the telnyx Python package on PyPI has been identified. Malicious versions 4.87.1 and 4.87.2 contained embedded credential-harvesting malware. The attack employs a three-stage runtime chain on Linux/macOS using audio steganography for delivery, in-memory execution of …
steganography
pypi
supply-chain-attack
credential-harvesting
2026-03-28
fileless-execution
hybrid-encryption
telnyx
Published: March 28, 2026
Downloadable IOCs: 3

AI Infrastructure Supply Chain Poisoning Alert

A supply chain poisoning attack on LiteLLM, a popular AI model gateway, was detected by NSFOCUS Technology CERT. The TeamPCP group compromised the Trivy security scanning tool used in LiteLLM's release process, allowing them to publish malicious versions 1.82.7 and 1.82.8 on PyPI. These versions co…
credential theft
kubernetes
pypi
supply chain attack
ai infrastructure
open source
litellm
2026-03-27
software security
Published: March 27, 2026
Downloadable IOCs: 4

Supply Chain Attack: Malicious PyPI Packages

TeamPCP has launched a supply chain attack targeting LiteLLM, an open-source Python library used in 36% of cloud environments. Malicious versions 1.82.7 and 1.82.8 were published on PyPI, employing sophisticated techniques for payload delivery and persistence. The compromised packages exploit Pytho…
cloud security
pypi
supply chain attack
2026-03-25
litellm
Published: March 25, 2026
Downloadable IOCs: 1

Malicious PyPI Package - LiteLLM Supply Chain Compromise

A malicious supply chain attack has been discovered in the Python Package Index package litellm version 1.82.8. The compromised package contains a malicious .pth file that executes automatically when the Python interpreter starts, without requiring explicit import. This file, located in site-packag…
supply chain
pypi
cloud credentials
2026-03-25
litellm
Published: March 25, 2026
Downloadable IOCs: 1

Bootstrap script exposes PyPI to domain takeover attacks

A vulnerability in legacy Python packages could enable an attack on PyPI through a domain compromise. The issue stems from bootstrap files for a build tool that installs the 'distribute' package, which fetch and execute an installation script from a now-available domain. Affected packages include t…
supply chain
vulnerability
open-source
pypi
domain takeover
bootstrap script
2025-12-03
python packaging
Published: December 3, 2025
Linked vulnerabilities : CVE-2023-45311
Downloadable IOCs: 2

Build script exposes PyPI to domain takeover attacks

ReversingLabs researchers discovered vulnerable code in legacy Python packages that could enable an attack on the Python Package Index (PyPI) via a domain compromise. The vulnerability lies in bootstrap files for a build tool that installs the Python package 'distribute' and performs other tasks. W…
python
supply chain
vulnerability
pypi
2025-11-24
packaging
legacy code
domain takeover
CVE-2023-45311
bootstrap script
Published: November 24, 2025
Linked vulnerabilities : CVE-2023-45311
Downloadable IOCs: 0

Malicious PyPI Packages Deliver SilentSync RAT

Two malicious Python packages, sisaws and secmeasure, were discovered in the Python Package Index (PyPI) repository. These packages, created by the same author, deliver a Remote Access Trojan (RAT) called SilentSync. The RAT is capable of remote command execution, file exfiltration, screen capturin…
rat
python
typosquatting
supply chain
data theft
remote access
pypi
data-exfiltration
supply-chain-attack
browser-data-theft
2025-09-18
silentsync
2025-09-19
python packages
Published: September 19, 2025
Downloadable IOCs: 0

Supply Chain Risk in Python: Termcolor and Colorama Explained

A suspicious Python package named termncolor was discovered, which imports a malicious dependency called colorinal. This multi-stage malware operation leverages DLL sideloading to decrypt payloads, establish persistence, and conduct command-and-control communication, ultimately leading to remote co…
supply-chain
python
persistence
pypi
dll-sideloading
2025-08-16
c2-communication
zulip
termncolor
colorinal
Published: August 16, 2025
Downloadable IOCs: 0

PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion

A malicious package campaign targeting Python and NPM users on Windows and Linux has been discovered. The attack uses typo-squatting and name-confusion tactics against the popular colorama Python package and the similar colorizr JavaScript package. Multiple packages with risky payloads were uploade…
typosquatting
remote-access
npm
pypi
data-exfiltration
supply-chain-attack
2025-06-02
colorama
colorizr
Published: June 2, 2025
Downloadable IOCs: 2

Malicious attack method on hosted ML models now targets PyPI

A new malicious campaign has been discovered targeting the Python Package Index (PyPI) by exploiting the Pickle file format in machine learning models. Three malicious packages posing as an Alibaba AI Labs SDK were detected, containing infostealer payloads hidden inside PyTorch models. The packages…
infostealer
ai
pypi
machine learning
supply chain attack
pytorch
2025-05-26
pickle format
Published: May 26, 2025
Downloadable IOCs: 2

Backdoor implant discovered on PyPI posing as debugging utility

A sophisticated malicious package named 'dbgpkg' was detected on PyPI, masquerading as a Python debugging utility. The package implants a backdoor on systems, enabling execution of malicious code and data exfiltration. It uses function wrapping techniques to evade detection and is believed to be pa…
backdoor
russia
ukraine
pypi
supply chain attack
hacktivist
2025-05-15
dbgpkg
function wrapping
global socket toolkit
requestsdev
discordpydebug
Published: May 15, 2025
Downloadable IOCs: 0

PyPI package targets Solana developers

A malicious PyPI package named solana-token has been discovered targeting Solana blockchain developers. The package, downloaded over 600 times, attempts to steal source code and developer secrets from infected machines. It uses suspicious behaviors like communicating with IP addresses on non-standa…
infostealer
cryptocurrency
exfiltration
open-source
pypi
blockchain
supply-chain-attack
2025-05-13
solana
solana-token
Published: May 13, 2025
Downloadable IOCs: 0

Malicious PyPi Package Detected Stealing Crypto Tokens

A malicious PyPI package named ccxt-mexc-futures has been discovered by security researchers. This package claims to extend the capabilities of the legitimate CCXT library for cryptocurrency trading, specifically for futures trading on the MEXC exchange. However, it actually hijacks user orders and…
cryptocurrency
pypi
supply-chain-attack
2025-04-16
api-hijacking
ccxt
mexc
Published: April 16, 2025
Downloadable IOCs: 2

Compromised ultralytics PyPI package delivers crypto coinminer

A malicious version of the popular AI library ultralytics was published on PyPI, containing downloader code for the XMRig coinminer. The compromise was achieved by exploiting a known GitHub Actions script injection. Two versions, 8.3.41 and 8.3.42, were affected before a clean version 8.3.43 was re…
xmrig
coinminer
pypi
2024-12-07
ultralytics
supply-chain-attack
Published: December 7, 2024
Downloadable IOCs: 0

Malicious PyPI crypto pay package aiocpa implants infostealer code

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with m…
obfuscation
infostealer
cryptocurrency
pypi
machine learning
software supply chain
2024-11-29
threat hunting
Published: November 29, 2024
Downloadable IOCs: 0

An NPM and PyPI Malicious Campaign Targeting Windows Users

Datadog Security Research has uncovered an ongoing supply chain attack targeting both npm and PyPi package repositories, tracked as MUT-8694. This campaign uses malicious packages to deliver infostealer malware to Windows users, leveraging legitimate services like GitHub and repl.it for payload hos…
supply-chain
typosquatting
infostealer
npm
pypi
2024-11-26
roblox
Published: November 26, 2024
Downloadable IOCs: 11

Python Crypto Library Updated to Steal Private Keys

Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library.
pypi
telegram
crypto
2024-11-26
aiocpa
Published: November 26, 2024
Downloadable IOCs: 4

Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

A sophisticated malware campaign targeting cryptocurrency enthusiasts has been uncovered, utilizing multiple attack vectors including a malicious Python package on PyPI and deceptive GitHub repositories. The multi-stage malware, disguised as cryptocurrency trading tools, aims to steal sensitive dat…
supply-chain
cryptocurrency
data-theft
social-engineering
pypi
github
2024-11-04
multi-stage
gui
cryptoaitools
Published: November 4, 2024
Downloadable IOCs: 2

Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms

The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI repository to deliver payloads targeting multiple platforms including Windows, Linux, and macOS. It analyzes the attack flow, delivery methods, and malware components invo…
malware
apt
supply chain
lazarus
2024-07-08
pypi
comebacker
cross-platform
Published: July 8, 2024
Downloadable IOCs: 28
Click here to see more Attack Reports