This article is more than 1 year old

Python Package Index nukes 3,653 malicious libraries uploaded soon after security shortcoming highlighted

Unauthorized versions of CuPy and other projects flood PyPI

The Python Package Index, also known as PyPI, has removed 3,653 malicious packages uploaded days after a security weakness in the use of private and public registries was highlighted.

Python developers use PyPI to add software libraries written by other developers in their own projects. Other programming languages implement similar package management systems, all of which demand some level of trust. Developers are often advised to review any code they import from an external library though that advice isn't always followed.

Package management systems like npm, PyPI, and RubyGems have all had to remove subverted packages in recent years. Malware authors have found that if they can get their code included in popular libraries or applications, they get free distribution and trust they haven't earned.

Last month, security researcher Alex Birsan demonstrated how easy it is to take advantage of these systems through a form of typosquatting that exploited the interplay between public and private package registries.

The deluge of malicious Python packages over the past week included unauthorized versions of projects like CuPy, an implementation of NumPy-compatible multi-dimensional array on CUDA, Nvidia's parallel computing platform.

In a GitHub issues post, Kenichi Maehashi, a project maintainer, recounts how cupy-cuda112 ( (CuPy built for CUDA 11.2) was uploaded on February 25, 2021, then detected and removed a day later. Python has a policy for dealing with this sort of thing (PEP 541).

On Monday, Ee W. Durbin III, director of infrastructure at the Python Foundation, said the thousands of offending packages had been removed but expressed reluctance to ban the account responsible because the account holder could simply register for another account.

The name used on the malware author's account, "RemindSupplyChainRisks," appears to be an attempt to call attention to an aspect of software distribution that most developers already understand is fraught with potential problems. And a comment line included on one of the malicious package files says as much: "the purpose is to make everyone pay attention to software supply chain attacks, because the risks are too great."

The fact that the author left a non-working email address and has not stepped forward might equally well mean that this was a real malware attack disguised as the act of a good samaritan.

However, it's difficult to imagine that anyone actually attempting harm would upload thousands of packages over a short span of time, knowing such activity would be noticed.

What's more, the malicious code evident in cupy-cuda112 isn't that bad: It sends a GET request to a Tokyo-based IP address ( with the name of the package appended to it. ®

More about


Send us news

Other stories you might like