The 12 packages have been discovered in two separate scans by a security engineer who goes online by the name of Bertus, and have long been removed from PyPI before this article's publication.
All packages were put together and worked following a similar pattern. Their creator(s) copied the code of popular packages and created a new library, but with a slightly modified name. For example, four packages (diango, djago, dajngo, djanga) were misspellings of Django, the name of a very popular Python framework.
The people behind these malicious packages added malicious code to these newly-created, but fully functional projects, and more specifically to the setup.py files. Setup.py files contain a set of instructions that Python library installers like "pip" execute automatically when downloading and setting up a new package inside a Python project.
The nature of this extra code was to perform various malicious operations and varied per each malicious library.
Bertus discovered a first set of 11 malicious packages on October 13 (see table below), and another malicious package on October 21.
The first set of malicious libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations.
The twelfth package, named "colourama," was financially-motivated and hijacked an infected users' operating system clipboard, where it would scan every 500ms for a Bitcoin address-like string, which it would replace with the attacker's own Bitcoin address in an attempt to hijack Bitcoin payments/transfers made by an infected user.
This package, too, mimicked the name of a popular Python library, named "colorama."
According to the PyPI Stats service, 54 users had downloaded the package a month before it was taken down. The attacker's Bitcoin address contained the equivalent of only $40, with the last transfer being received way back in April, and suggesting that the colourama package failed to make any money.
"I provided the PyPI administrators with the package name, and they removed the package," Bertus told ZDNet in an email interview. "In addition, they also blocked the name colourama for any future package registrations."
The researcher told us he discovered all 12 packages by using an automated system he created himself that scanned the PyPI repository for packages with similar names --technically referred to as "typo-squatted" packages.
Bertus says he created the scanner after seeing a security alert sent out by the Slovak National Security Office last year that warned Python developers about ten malicious Python libraries uploaded on PyPI. Those libraries, too, had used typo-squatted names and waited for weeks for users to install them by accident or carelessness, before being taken down.
"At the moment, I am focused on improving the Python (PyPI) scanner, and I will be doing more regular scans," Bertus told ZDNet.