Home Digital Malicious Package found on PyPI that hides behind Image and spread via GitHub
Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Malicious Package found on PyPI that hides behind Image and spread via GitHub

by uma


Check Point Research (CPR) detects a new malicious package on PyPI, the repository of software for the Python programming language. The malicious package was designed to hide code in images and infect through open-source projects on GitHub. CPR believes its findings reflect careful planning and thought by a threat actor, who proves that obfuscation techniques on PyPI have evolved. 

       Infection designed to take place through GitHub ‘legitimate’ projects

       CPR shares image it found where malicious code was hidden behind

       CPR responsibly disclosed findings to PyPI, who removed threat

Check Point Research (CPR) detected a new malicious package on PyPI, the repository of software for the Python programming language. This malicious package is distinct in two ways: 

  1. It hides the malicious code inside an image
  2. The main infection area is GitHub

Hiding Code in Images

CPR found that code was obfuscated inside the following image. 

Infection via GitHub

The infection process goes as follows: searching the web for legitimate projects, one will come across these GitHub open-sourced projects and will install it locally, not knowing it brings in a malicious package import. From the installer point of view, they are trying an open-source project from GitHub, not knowing it hides a malicious Trojan part inside it.

Responsible Disclosure 

CPR responsibly disclosed its findings to PyPI, who quickly removed the malicious package. 

Quote: Ori Abramovsky, Head of Data Science, SpectralOps (a Check Point company): 

“We constantly scan PyPI for malicious packages and responsibly report them to PyPI. This one is unique and distinct from almost all the malicious packages we have encountered before. This package differs in the way it camouflages its intent, and the way in which it targets PyPI users to infect them with malicious imports on GitHub. Our findings indicate that PyPI malicious packages and their obfuscation techniques are fast-evolving. The package we have shared here reflects careful and meticulous work. It is not the regular copy and past that we commonly see, but what seems like a real campaign. The creation of the GitHub projects, then smartly hiding the code and downplaying the packages on PyPI, are all sophisticated work.” 

Safety Tips

  1. Use services like threat code scanners to double check the 3rd party packages
  2. Approach with suspicion. Even if you see a project on GitHub with stars and forks, it can be a synthetically generated fake view
  3. Double check and explore code you do not own


You may also like