Executive Summary
Security firm Phylum has discovered and reported an automated typosquatting campaign, first detected on March 26, 2024, that targeted popular Python libraries hosted on the Python Package Index (PyPI). Attackers deployed over 500 typosquatted variations of well-known libraries such as TensorFlow, BeautifulSoup, requests, requirements, and others. The variations were designed to mimic legitimate package names but carried malicious code in their setup.py files linked to the malware family known as zgRAT.
Community Threat Assessment
Due to the temporary suspension of new project creation by the PyPI Development Team, the RH-ISAC Intelligence Team assesses with high confidence that this campaign presents a medium threat to organizations in the retail and hospitality sector. RH-ISAC recommends Core Members review the intelligence included in this report and the linked Phylum report, which contains additional details regarding the campaign.
Technical Details
According to the latest reporting from Phylum, the attack began with experimentation on a package called schubismomv3, in which the attackers tested malware deployment techniques. They initially experimented with install hooks and later shifted to smuggling encrypted payloads into local files for execution. Despite variations in the setup.py files, the payload remained consistent, functioning primarily as a data stealer linked to zgRAT. Following the schubismomv3 experiment, the attackers published insanepackagev1414, which differed by pulling a smaller payload from a remote URL instead of embedding it entirely in the setup file; this allowed quicker deployment of variations under different package names. The ability to scale faster under different names enabled the attackers to launch a wide-scale typosquatting campaign against PyPI.
The typosquatting attack commenced around 15:06 UTC on March 26, 2024, with variations targeting different libraries. After a brief pause, the attack resumed the next day with additional variations. In total, 566 typosquat publications were identified. PyPI promptly removed these packages and, to prevent further attacks, temporarily suspended new project creation and new user registration. According to the status page, the incident has since been “resolved”.
Typosquat Variations
The following typosquat variations were launched by attackers:
36 variations of requests
61 variations of py-cord
35 variations of colorama
36 variations of capmonstercloudclient
20 variations of pillow
24 variations of bip-utils
29 variations of tensorflow
26 variations of BeautifulSoup
26 variations of PyGame
15 variations of SimpleJson
38 variations of Matplotlib
26 variations of PyTorch
67 variations of CustomTKInter
28 variations of selenium
17 variations of playwright
15 variations of asyncio
67 variations of requirements
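Because the campaign relied on near-miss names of the libraries listed above, one practical defensive check is to audit a requirements file for package names that are a typo's distance from a known list. The following is an added example (not code from the report or from Phylum): it normalizes names per PEP 503, computes a Damerau-Levenshtein distance so transposed letters count as one edit, and seeds the allowlist with the target names exactly as the report writes them (some real PyPI project names differ, e.g. beautifulsoup4 and torch); the sample requirements lines are constructed.

```python
import re

# Target libraries as named in the report (constructed allowlist; in practice seed this
# with the packages your organisation actually depends on).
TARGETED = [
    "requests", "py-cord", "colorama", "capmonstercloudclient", "pillow", "bip-utils",
    "tensorflow", "BeautifulSoup", "PyGame", "SimpleJson", "Matplotlib", "PyTorch",
    "CustomTKInter", "selenium", "playwright", "asyncio", "requirements",
]

def normalize(name):
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def damerau_levenshtein(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent transpose."""
    prev2, prev1 = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition, e.g. "reqeusts"
            cur.append(d)
        prev2, prev1 = prev1, cur
    return prev1[-1]

def audit_requirements(lines, known=TARGETED, max_distance=2):
    """Classify each requirement as 'known', 'typosquat?' (near miss of a known name) or 'unlisted'."""
    known_norm = {normalize(k) for k in known}
    verdicts = {}
    for line in lines:
        spec = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not spec:
            continue
        name = normalize(re.split(r"[\s=<>!~;\[]", spec, maxsplit=1)[0])  # strip version/extras
        if name in known_norm:
            verdicts[name] = ("known", name, 0)
            continue
        closest = min(known_norm, key=lambda k: damerau_levenshtein(name, k))
        dist = damerau_levenshtein(name, closest)
        verdicts[name] = ("typosquat?", closest, dist) if dist <= max_distance else ("unlisted", None, dist)
    return verdicts

# Constructed sample requirements file; "reqeusts" and "colorsama" are deliberate near misses.
SAMPLE = ["requests==2.31.0", "reqeusts", "Pillow>=10  # imaging", "colorsama", "numpy"]

if __name__ == "__main__":
    for name, (verdict, closest, dist) in audit_requirements(SAMPLE).items():
        print(f"{name:12} {verdict:11} closest={closest} distance={dist}")
```

A "typosquat?" verdict is a prompt for a human to confirm the intended package, not proof of malice; legitimate forks and suffixed names will also land within two edits.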