Malicious PyPI Packages Using Compiled Python Code to Bypass Detection

Jun 01, 2023Ravie LakshmananProgramming / Supply Chain

Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools.

“It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,” ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.

The package in question is fshec2, which was removed from the package registry on April 17, 2023, following responsible disclosure on the same day.

PYC files are compiled bytecode files that are generated by the Python interpreter when a Python program is executed.

“When a module is imported for the first time (or when the source file has changed since the current compiled file was created) a .pyc file containing the compiled code should be created in a __pycache__ subdirectory of the directory containing the .py file,” explains the Python documentation.

The package, per the software supply chain security firm, contains three files – _init_.py, main.py, and full.pyc – the last of which harbors malicious functionality.

“The entry point of the package was found in the __init__.py file, which imports a function from the other plaintext file, main.py, which contains Python source code responsible for loading of the Python compiled module located in one of the other files, full.pyc,” Zanki pointed out.

This, in turn, is achieved by making use of the importlib package (as opposed to a regular import) to load and execute the code present in the .pyc file.

An analysis of the reverse-engineered version of the PYC file reveals that it’s configured to collect usernames, hostnames, and directory listings, as well as fetch commands to be executed on the host from a hard-coded server (13.51.44[.]246).

ReversingLabs said it also observed the module download and run another Python script that’s responsible for fetching new commands placed within a file that can be tweaked at will by the threat actor to issue different instructions.

Further examination of the command-and-control server unearthed a misconfiguration that made it possible to download files by their ID, which are numbered in sequential order (starting from 1), sans any authorization. This indicates that the attack was most likely not orchestrated by a sophisticated actor.

The development is a continuation of efforts on the part of threat actors to adopt different obfuscation techniques in order to evade detection from security solutions.

“Loader scripts such as those discovered in the fshec2 package contain a minimal amount of Python code and perform a simple action: loading of a compiled Python module,” Zanki said. “It just happens to be a malicious module.”