Skip to content

Three malicious PyPI packages found with over 14,000 downloads

  • by
  • 3 min read

Three malicious python packages amassing over 14,000 downloads and mirrors put together have been removed from the Python Package Index (PyPI) registry. 

A developer and senior product manager at Palo Alto Networks, Andrew Scott discovered these packages while conducting a large-scale static analysis of what he describes as a “large percentage of the packages on PyPI.” Scott himself used the Bandersnatch open-source project from Python Packaging authority to aid his research. 

This discovery joins in a continuing trend of attackers sneaking in malicious packages in codebases for unsuspecting developers to download and integrate with their programs. Only recently, 17 malicious NPM packages were caught, and the PyPI repository has previously been hacked with crypto-mining malware

In the News: Meta’s VR social platform is now open for all

The circus continues

Andrew excluded exceedingly large distributions and only pulled the latest versions of the packages configuring a lower number of workers to avoid straining PyPI servers as he was downloading roughly 200,000 of the overall 330,000 packages on PyPI.

These are the packages that he flagged as malicious. 

Package NameMaintainerDescription
aws-login0tooldavycrockett5729492Typosquatting candidate. Installs trojans on Windows.
dpp-clientcutoffurmindExtracts environment variables and files.
dpp-client1234cutoffurmind Extracts environment variables and files.

The aws-login0tool package in what appears to be a typosquatting attempt targets Windows users. Once installed, the package downloads a 64-bit executable file called normal.exe, which has been identified as a trojan by 32 security vendors and one sandbox on VirusTotal

As reported by TheBleepingComputerthe PyPI package page for this package contained a disclaimer urging users not to download the package saying, “please don’t use this… It does bad things… Oh, dear :(“

The other two packages — dpp-client and dpp-client1234 attack Linux machines and send environment variables and directory listings to a domain called pt.traktrain. com.

The packages especially search for a few directories, including /mnt/mesos, which can indicate that they’re looking for Apache’s Mesos files. Mesos is an open-source cluster management product developed by the Apache Foundation. 

The dpp-client package has been downloaded 10,194 times at the time of writing. The dpp-client1234 package has gotten 1536 downloads so far. The aws-login0tool package has also been downloaded over 3000 times. Do keep in mind that these download counts may include automated mirrors in addition to organic downloads by developers.

Their project pages contained simple test keywords in the description, indicating that these packages were most probably part of a proof-of-concept exercise. 

In the News: Zero-day exploit in Java library impacts Steam, iCloud and Minecraft

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: