Researchers have discovered more than two dozen Python packages on the PyPI registry, which imitate popular libraries to distribute malware. While some of these packages drop malware created for educational purposes, some are dropping the W4SP info-stealer.

Malicious PyPI packages

The attack, which started on October 12, gained momentum by October 22. A very small number of packages with the same IOCs were seen in July, which is thought to be POC efforts by the attackers before launching the actual attack.
  • The malicious packages are typosquatted names of popular libraries. Attackers picked up the genuine code from legitimate libraries and injected malicious code into it via the __import__ statement.
  • For instance, they used the genuine package datetime2 to create the malicious package typesutil, by making some modifications to align the supporting text. 
  • For this reason, these libraries have a lot of resources (such as,, and page URLs) resembling a genuine package, thus, looking like a legitimate package.

All in all, 29 malicious packages were revealed, operating online as typosquatted names of genuine packages, and were downloaded more than 5,700 times.

The payloads

  • Out of 29, 27 malicious packages were observed dropping the info-stealer malware W4SP. This info-stealer exfiltrates cookie-saved passwords, and Discord tokens from the infected machines.
  • The two rest PyPI packages 'pystile' and 'threadings' carried a different malware that was labeled as GyruzPIP by its developers. This is an open-source malware developed for educational purposes.

Concluding note

Attacks by using typosquatted package names, termed Dependency Confusion attacks, have become a frequent observation for some time. Overall, there has been a steady rise in attacks on open-source repositories, and therefore, organizations are suggested to use controlled scopes on public package repositories to protect their private packages.
Cyware Publisher