Skip to main content

Researchers identified eight malicious Python libraries on PyPI web portal. According to the report, these packages were downloaded more than 30000 times. However, all the packages were removed from the portal after finding them containing malicious code for stealing credit cards and injecting code. Let’s see more about these malicious Python Libraries.

We have been told several times, supply chain attacks are dramatically increasing these days. Because supply chain attacks are hard to identify and easy to compromise, this is quite obvious. People trust the vendor sites to download the packages and install them on their resources, assuming they are secure. To the sad, sometimes attackers succeed in hosting infected packages on the Vendor sites to launch the attack on the customers. This development in the cyber world made people no surprise even if their network gets infected from a genuine source.

What Is PyPI?

PyPI is the official third-party package repository for Python on which millions of Python packages are available for download. It is also called Python Package Index.

List Of Malicious Python Libraries Found On PyPI:

Lint of Malicious Python Libraries are listed below:

Package name Maintainer Payload
noblesse xin1111 Discord token stealer, Credit card stealer (Windows-based)
genesisbot xin1111 Same as noblesse
are xin1111 Same as noblesse
suffer suffer Same as noblesse , obfuscated by PyArmor
noblesse2 suffer Same as noblesse
noblessev2 suffer Same as noblesse
pytagora leonora123 Remote code injection
pytagora2 leonora123 Same as pytagora

What Is The Impact Of These Malicious Python Libraries?

The research found that these packages were found communicating with other malicious codes for plunder credit cards information, download other malware programs on the victim machine, steal passwords stored on the web browsers. Remote code executions, amass system information, steal discord authentication tokens to impersonate victims, injecting code, and maybe more. 

What Should You Do If You Have Downloaded Any Of These Malicious Python Libraries?

Supply chain attacks are almost impossible to prevent and difficult to detect. However, we have to learn how to be safeguard from such attacks. We suggest a few things, which could help you stop these attacks and few action items to minimize the damage if you have downloaded any packages.


  1. Set up an identical pre-production environment and run the security test on the newly-downloaded software or packages.
  2. Always keep the backup up to date to restore if in case of breakdown.

Action items if you found infected:

  1. Isolate the infected machine.
  2. Remove the malicious Python packages from the machine.
  3. Check the saved password in the browsers and change these compromised passwords in each respective website. Go here to see the saved passwords in edge browser: edge://settings/passwords
  4. Check the saved card information on the browser. Cancel the card if saved. Go here to see the saved cards in Chrome: chrome://settings/payments
  5. Run the full scan with antimalware solutions.
  6. Restore the system if you have taken the backup.

Leave a Reply