Safety Discovers New Malicious Packages on PyPI

March 7, 2023
3 min read
On 4 March, 2023, Safety CLI Cybersecurity discovered malicious Python packages on PyPI within minutes of them being uploaded. In the brief time that these packages were available, however, they were downloaded over 1,000 times.

With 300 to 500 new Python packages being uploaded to PyPI every day, the number of malicious Python packages being uploaded has increased dramatically over the last 12 months. Such packages have become a significant new attack vector in the Python ecosystem.

By tracking signals and changes in over 507,000 Python packages, Safety's Cybersecurity Intelligence team maintains the industry-leading database of vulnerable Python packages, providing customers with analysis and metrics on more than 14,000 vulnerabilities, including information on these malicious packages.

On 4 March, 2023, Safety's Cybersecurity Intelligence Team discovered three malicious Python packages on PyPI within minutes of them being uploaded. The malicious packages were immediately added to our vulnerability database and shared with the PyPI security team, who removed the packages in question. In the brief time these packages were available, however, they were downloaded over a thousand times.


The first of the three malicious packages discovered by Safety, aiotoolbox, contained a custom script in that downloaded obfuscated code from a website claiming to be associated with PyPI. The code was hidden using PyArmor, a command line tool used to obfuscate python scripts, and resulted in malicious code running on developers' machines.

This package is an example of Typosquatting, an increasingly common attack vector where packages are created with names similar to popular packages but contain malware or other forms of malicious code. In this case, aiotoolbox typosquats another package called aiotools, hoping developers will mistakenly install the malicious package instead of the desired one.

The second malicious package, asyncio-proxy, included aiotoolbox as a dependency, resulting in the same malicious code being downloaded.


The third package discovered by Safety was pycolorz, another example of Typosquatting, this time on packages pycolor and pycolors. Again, obfuscated malicious code - this time using the Hyperion obfuscator - resulted in malicious code being downloaded.

Managing Risk and Delivering End-to-End Security with Safety

These examples highlight the importance of being vigilant when installing Python packages and having risk management frameworks and tooling to minimize the risk of developers installing vulnerable packages. Malicious packages introduce vulnerabilities and security risks to developer machines, pipelines, and production systems. It is crucial to have proper safeguards in place to protect against them.

Safety Gateway

Preventing untrustworthy, malicious and vulnerable packages from being installed on your systems and developer machines is increasingly important in today's threat landscape. It is no longer sufficient to scan codebases for vulnerabilities in CI/CD pipelines or even in development machines after they have been installed; once a malicious package hits a machine it is often already too late.

For this reason, Safety has developed Package Gateway - which gives Python teams comprehensive preventative security, control and audit history of all packages being installed on your systems and developer machines. Malicious and vulnerable packages are blocked at the source before being installed. Package Gateway is Safety's next-generation tool that shifts security even further left, protecting against Typosquatting and other malicious packages from even entering your systems.

Combined with Safety CLI, Safety's industry-leading Python package vulnerability scanner, this provides complete end-to-end security for Python development teams by proactively preventing the installation of malicious packages and then performing thorough and ongoing monitoring and analysis of packages and dependencies throughout the development lifecycle. Regular, continuous vulnerability scans of development, CI/CD and production environments are essential to protect against newly-discovered vulnerabilities. Both Package Gateway and Safety CLI tools are backed by Safety's proprietary vulnerability database maintained by our Cybersecurity Intelligence Team.

To speak to one of our experts about how Safety can help to deliver end-to-end security for Python development teams, please email, or visit our website to learn more.

The research for this article was conducted by Safety Cybersecurity Intelligence team member Sebastian Chnelik.

#python #cybersecurity #infosec #typosquatting #dependencies #devsecops #softwaresupplychain #cloudsecurity #security

Reduce vulnerability noise by 90%.
Get a demo today to learn more.