Two recent incidents in the PyPI repository have exposed vulnerabilities in the software supply chain. Attackers managed to publish modified versions of legitimate packages such as PyTorch Lightning and Intercom-client. These variants contained hidden code designed to extract access credentials stored in users' systems, demonstrating a growing risk for developers and companies that rely on open-source libraries.
How attackers manipulated legitimate PyPI packages 🔍
Attackers used typosquatting and dependency confusion techniques to distribute their malicious versions. In the case of PyTorch Lightning, the harmful code executed during installation, collecting environment variables and configuration files that held credentials. For Intercom-client, the malware activated when the package was imported, exfiltrating data via HTTP requests to servers under the attackers' control. Both cases exploited trust in the Python ecosystem, where manual dependency review remains a challenge.
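As an added illustration, not part of the original article, the following script performs the kind of pre-install review the paragraph says rarely happens. It is a hypothetical tool written for this page: it takes a package tree as a dict of path to source and flags the two behaviours described, an install-time hook in `setup.py` that reads the environment, and module-level code that issues HTTP requests when the package is imported. The watch list and the constructed sample package are assumptions, not real package contents.

```python
import ast

# Names worth a manual look in setup.py or module-level code: environment reads and HTTP senders.
WATCH = {"os.environ", "os.getenv", "urllib.request.urlopen", "requests.post"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def review_source(filename, source):
    """Return (filename, lineno, finding) tuples for one .py file."""
    findings = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        name = dotted(node)
        if name in WATCH:
            findings.append((filename, node.lineno, f"uses {name}"))
        # setup(cmdclass=...) swaps in a custom install command that runs under pip install
        if isinstance(node, ast.Call) and dotted(node.func) == "setup":
            if any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append((filename, node.lineno, "custom install command (cmdclass)"))
    if not filename.endswith("setup.py"):
        # Module-level statements other than imports, defs and assignments run on import.
        for stmt in tree.body:
            if isinstance(stmt, (ast.Expr, ast.If, ast.Try, ast.With, ast.For)) and not (
                    isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Constant)):
                findings.append((filename, stmt.lineno, "executes at import time"))
    return findings

def review_package(files):
    """files: {path: source}. Scan every .py file in a package tree."""
    return [f for p, s in sorted(files.items()) if p.endswith(".py") for f in review_source(p, s)]

# Constructed sample (not a real package) mirroring the two patterns: an install hook
# that reads the environment, and an __init__ that makes an HTTP request on import.
SAMPLE = {
    "setup.py": ("from setuptools import setup\nfrom setuptools.command.install import install\n"
                 "import os\n"
                 "class Hook(install):\n"
                 "    def run(self):\n"
                 "        env = dict(os.environ)  # gathered during pip install\n"
                 "setup(name='demo', version='0.1', cmdclass={'install': Hook})\n"),
    "demo/__init__.py": "import urllib.request\nurllib.request.urlopen('http://example.invalid/')\n",
}
```

Run `review_package` on the unpacked contents of a downloaded sdist before installing it; every finding is a line a human should read, not a verdict by itself, since legitimate packages also use these calls.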
The paradox of blind trust in PyPI 🤔
It is curious that the same developers who write code to automate processes then install packages without reviewing their content. It is like buying a used car and not opening the hood because the seller has an honest face. Attackers know that technical laziness is a profitable attack vector. Meanwhile, we keep running pip install as if it were an act of faith, hoping that no one has slipped a keylogger into the latest update of a library for sorting lists.