Sunday, May 24, 2026
Supply Chain

Sophisticated Supply Chain Attack Discovered in Popular Python Packages

Security researchers have discovered a coordinated supply chain attack affecting multiple popular Python packages on PyPI, with backdoored versions downloaded over 500,000 times.

Linda Nakashima, Developer Security Reporter

Security researchers at JFrog have discovered a sophisticated supply chain attack affecting multiple popular Python packages on the Python Package Index (PyPI), with malicious versions of the packages downloaded over 500,000 times before detection.

The attack targeted packages commonly used in data science and machine learning workflows, including dependencies of larger projects. The attackers used a combination of typosquatting and account compromise to publish backdoored versions of legitimate packages.

"This is one of the most sophisticated supply chain attacks we've seen targeting the Python ecosystem," said Shachar Menashe, senior director of security research at JFrog. "The malicious code was carefully hidden and designed to evade automated scanning tools."

The backdoor establishes a reverse shell connection to attacker-controlled infrastructure, allowing the threat actors to execute arbitrary commands on affected systems. The malware also attempts to steal AWS credentials, SSH keys, and cryptocurrency wallet files.

PyPI administrators have removed the malicious packages and are working with JFrog to identify any additional compromised packages. The Python Software Foundation has also suspended several accounts involved in the attack.

Organizations that use the affected packages are advised to audit their environments for indicators of compromise, rotate any potentially exposed credentials, and review their software bill of materials.
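As an added illustration of the audit step above (example code, not from the article, JFrog or PyPI): a small Python check over a pinned requirements file that flags versions listed in a compromised set and names that closely resemble a trusted package, the typosquatting pattern the article describes. The affected package names and versions are not given in the article, so the `COMPROMISED` and `TRUSTED` values are constructed placeholders to be replaced with published indicators.

```python
from __future__ import annotations

import difflib
import re

# Added example, not code from the article or JFrog. The article names no affected
# packages, so COMPROMISED and TRUSTED below are constructed placeholders.
COMPROMISED = {"example-ml-utils": {"2.4.1", "2.4.2"}}  # {name: {backdoored versions}}
TRUSTED = {"numpy", "pandas", "requests", "scikit-learn", "torch", "matplotlib"}

# Matches "name==version"; comments, environment markers and unpinned specs are skipped.
REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold and collapse runs of -, _ and . to -."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_manifest(text: str) -> list[tuple[str, str]]:
    """Return (normalised name, version) for each pinned line of a requirements file."""
    pins = []
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if m:
            pins.append((normalize(m.group(1)), m.group(2)))
    return pins


def audit(text: str) -> dict[str, list[str]]:
    """Flag known-bad pins and names that closely resemble, but are not, a trusted package."""
    findings: dict[str, list[str]] = {"compromised": [], "typosquat_candidates": []}
    trusted = {normalize(t) for t in TRUSTED}
    for name, version in parse_manifest(text):
        if version in COMPROMISED.get(name, set()):
            findings["compromised"].append(f"{name}=={version}")
        if name not in trusted:
            # difflib similarity ratio >= 0.85 catches transposed or dropped letters.
            near = difflib.get_close_matches(name, trusted, n=1, cutoff=0.85)
            if near:
                findings["typosquat_candidates"].append(f"{name} (resembles {near[0]})")
    return findings


# Constructed sample manifest: one typosquat candidate and one backdoored pin.
SAMPLE_REQUIREMENTS = "numpy==1.26.4\nreqeusts==2.31.0\nexample-ml-utils==2.4.1\npandas==2.2.1\n"
if __name__ == "__main__":
    for kind, items in audit(SAMPLE_REQUIREMENTS).items():
        print(f"{kind}: {items}")
```

Run it against `pip freeze` output or a lockfile export; a hit in either list is a reason to pull the package and rotate the credentials the article lists as targeted.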

The incident has reignited calls for PyPI to implement mandatory two-factor authentication for package maintainers, a measure the platform has been slowly rolling out over the past year.

Tags: Python, PyPI, supply chain attack, malware, open source

Linda Nakashima, Developer Security Reporter. Covering cybersecurity news and threat intelligence for CyberNews.wiki.
