DDoS attacks via new Python packages

Photo by Zhukov Oleg

This weekend, security researchers discovered that a user named “devfather777” published 12 Python packages on PyPI whose names closely resemble those of popular packages, in order to trick software developers into installing the malicious versions instead [1].

The complete list of uploaded malicious packages is:

Gesnim
Kears
TensorFolw
Seabron
tqmd
lxlm
mokc
ipaddres
ipadress
falsk
douctils
inda

A dozen malicious Python packages were uploaded to the PyPI repository this weekend in a typosquatting attack; once installed, they perform DDoS attacks on a Counter-Strike 1.6 server [2].

Because software developers usually fetch these packages from the terminal (for example with pip install), it’s easy to type a name with a letter missing or in the wrong order. Since the download and build then continue as expected, the victim doesn’t notice the mistake and infects their device [1].

DDoS (Distributed Denial of Service) involves sending large amounts of traffic from multiple sources to a service or website with the intention of overwhelming it. A sudden influx of traffic can tie up all of the target’s resources and thereby deny access to legitimate users.

If you use any of the 12 packages listed above, or think you may have made a typo this weekend, go over your projects and double-check that you are using the right software, and uninstall any of these packages you find. Unfortunately, no package comes with security guarantees. Users are responsible for double-checking names, as well as other details such as release histories, submission details, homepage links and download numbers [3].
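One way to do that double-check automatically, covering both the typo-prone install step and the project audit described above. This is an added example, not code from the article or from the researchers: the MALICIOUS set is the article’s list of 12 names, while the POPULAR list and the sample requirements file are constructed here for illustration (a real audit would use the project’s own allow-list).

```python
"""Audit requirements.txt names against the 12 typosquatted packages and
flag other near-misses of popular package names (added example)."""
import re
import sys
from pathlib import Path

# The 12 names reported in the article, normalized the way pip compares them
# (lower-case, with runs of '-', '_' and '.' collapsed to '-').
MALICIOUS = {
    "gesnim", "kears", "tensorfolw", "seabron", "tqmd", "lxlm", "mokc",
    "ipaddres", "ipadress", "falsk", "douctils", "inda",
}

# Constructed list of legitimate packages a project might depend on.
POPULAR = [
    "gensim", "keras", "tensorflow", "seaborn", "tqdm", "lxml", "mock",
    "ipaddress", "flask", "docutils", "numpy", "pandas", "requests",
]


def normalize(name):
    """PEP 503 name normalization, so 'TensorFolw' and 'tensorfolw' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


_POPULAR_NORMALIZED = {normalize(p) for p in POPULAR}


def requirement_name(line):
    """Return the package name from one requirements.txt line, or None."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith(("-", "git+", "http")):
        return None
    m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return m.group(0) if m else None


def edit_distance(a, b):
    """Levenshtein distance; a swapped letter pair ('seabron') costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name):
    """Return ('malicious', None), ('suspicious', closest_popular) or ('ok', None)."""
    n = normalize(name)
    if n in MALICIOUS:
        return "malicious", None
    if n in _POPULAR_NORMALIZED:
        return "ok", None
    # A name within 2 edits of a popular one (but not identical) is a likely
    # typo; distance 2 is what an adjacent-letter swap such as "seabron" costs.
    for p in POPULAR:
        if edit_distance(n, normalize(p)) <= 2:
            return "suspicious", p
    return "ok", None


def audit(requirements_text):
    """Map each requirement name in the file to its verdict."""
    findings = {}
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name:
            findings[name] = classify(name)
    return findings


# Constructed sample file: one of the article's packages, one unrelated
# near-miss, two clean entries and an include line that is skipped.
SAMPLE_REQUIREMENTS = """\
# constructed example
TensorFolw==2.9.1
requets>=2.28
numpy
flask[async]==2.2.2
-r other.txt
"""

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_REQUIREMENTS
    for name, (verdict, near) in audit(text).items():
        hint = f" (did you mean {near}?)" if near else ""
        print(f"{verdict:10} {name}{hint}")
```

Run it with a path to a requirements.txt, or with no argument to audit the built-in sample. The fuzzy check deliberately errs on the side of noise: very short names such as mock are within two edits of many strings, so treat "suspicious" as a prompt to look at the package’s release history and homepage rather than as proof of malice.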

I (Melanee) have checked the repository, and hopefully the detrimental packages have been removed from there. Please share this story with your friends to make them aware that they should uninstall these packages.

Writer: Melanee

Contact Melanee on GitHub:

References:

[1] https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-aim-ddos-attacks-at-counter-strike-servers/

[2] https://www.reddit.com/r/programming/comments/wpk3uj/a_dozen_malicious_python_packages_were_uploaded/

[3] https://devm.io/python/malicious-pypi-packages
