Python Package Index (PyPI) has recently observed several malicious packages hidden in its repository. PyPI hosts almost 600,000 projects written in the Python programming language.

The original aiocpa package, self-described as a “synchronous & asynchronous Crypto Pay API Client,” was uploaded to PyPI and GitHub in September 2024 and downloaded 12,100 times. The malicious changes to the code were first spotted as of version 0.1.13 of the aiocpa library. The updated script changes the ‘sync.py’ code, which allows the ability to capture and transmit a victim’s Crypto Pay API token using a Telegram bot.

The author of the package published this malicious version to PyPI, but the update was not uploaded to the aiocpa GitHub repository. While the change was uploaded under the author’s account, it is currently unknown if the developer was behind the malicious code or if their credentials were compromised.  The administrators of PyPI have since quarantined the most recent version of aiocpa to prevent users from downloading and installing the malicious code.

Researchers have also recently discovered two packages on PyPI that were found to be distributing JarkaStealer . In both cases, the packages claimed to give application programming interface (API) access to chatbot functionality, targeting victims interested in deeper access into OpenAI’s ChatGPT and Anthrophic’s Claude generative artificial intelligence (GenAI) platforms. Upon installing these packages, users are given access to a demo version of the intended product to provide at least a temporary sense of legitimacy while the malicious programming works behind the scenes. These two libraries were available on PyPI for a year before being found malicious, and each library was downloaded over 1,700 times before being removed from the PyPI repository.

Recommendations

• Exercise caution and review the source code when downloading updates to or installing new packages.
• Analyze customer reviews and only download extensions from official sources.
• If the affected packages were downloaded, uninstall them promptly.