1 min read

Fake Python Libraries Caught Trying to Steal SSH and GPG Keys

Silviu STAHIE

December 05, 2019

Fake Python Libraries Caught Trying to Steal SSH and GPG Keys

A couple of Python libraries that posed as real components were caught stealing SSH and GPG keys from projects that used them.

Software developer Lukas Martini discovered that the python3-dateutil and jeIlyfish libraries in the PyPI (Python Package Index) were actually designed to imitate the real dateutil and jellyfish packages to steal the SSH and GPG keys.

The two libraries had different names than the originals, with jeIlyfish differing only by one letter. This type of mechanic has a long history of use on Unix environments, but it”s not exclusive. The most worrying aspect is that, while python3-dateutil was only available for two days, the fake jeIlyfish library stayed up for more than a year.

“Just a quick heads-up: There is a fake version of this package called python3-dateutil on PyPI that contains additional imports of the jeIlyfish package (itself a fake version of the jellyfish package, that first L is an I),” said Martini. “I’ve sent an email to the Python security team and hope they’ll take the package (as well as the other ones by the user) down soon, but in the meantime it might be a good idea to check if you have the correct version installed.”

According to ZDNet, dateutil developer Paul Ganssle analyzed the files and determined that python3-dateutil called for the installation and use of jeIlyfish, which would try to find SSH and GPG from the project and send them to the IP address http://68.183.212.246:32258.

While the PyPI project removed the libraries, developers still using them should purge their repositories and make sure they are not in use.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account The Perils of Online Dating: Spotting Romance Scammers Before They Break Your Heart and Your Bank Account
Alina BÎZGĂ

August 05, 2021

3 min read
Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux Google Fixes Five High-Severity Flaws in Chrome 92 for Windows, Mac and Linux
Filip TRUȚĂ

August 05, 2021

1 min read
Google Drops All Support for Android 2.3.7 and Older Google Drops All Support for Android 2.3.7 and Older
Silviu STAHIE

August 04, 2021

1 min read