Revival hijack attack affects PyPI

Researchers at JFrog have described a supply chain attack technique against PyPI, the Python package index, that they estimate could affect more than 22,000 package names and the users who depend on them.

The technique, dubbed Revival Hijack, exploits a policy loophole: once the original developer removes a project from PyPI, its name becomes available again, so an attacker can re-register it and publish under the same name.

When a developer deletes a project, its name returns to the free pool and anyone can register it. An attacker who does so can publish a malicious release under the trusted name, with a version number above the last legitimate one, so that existing installs treat it as a routine update rather than a new package; users and build systems that still reference the name install it believing it to be the original.


JFrog's analysis found that more than 22,000 deleted PyPI package names were eligible for Revival Hijack, and that hundreds of thousands of users could unknowingly install a hijacked package through them.

To confirm the behaviour, the researchers published a test package, deleted it, and re-registered the name from a different account. The imposter package showed up to installers as an ordinary update, with no warning from the package manager that the project had changed hands.

JFrog's monitoring then flagged real-world use of the technique in the 'pingdomv3' package. A new owner released an apparently harmless update, followed by a version carrying a suspicious Base64-obfuscated payload. The finding triggered an immediate investigation, and PyPI maintainers removed the malicious package.


JFrog reported the issue to PyPI's security team and called for stricter rules on reusing the names of deleted projects. In the meantime they advise users to stay vigilant and, in particular, to check that CI/CD pipelines are not still trying to install packages that have since been removed from PyPI, since every such name is a candidate for hijack.
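The check JFrog recommends can be automated against the project metadata PyPI serves at https://pypi.org/pypi/<name>/json. The script below is an added example written for this page, not JFrog's tooling and not part of PyPI. It reads the `name==version` pins from a requirements file and, for each, looks at the project's current release history: a project that has disappeared is reported as REMOVED (its name is now free to register), and one whose pinned version is gone while its oldest surviving release is only days old is flagged as SUSPECT, which is exactly the footprint a deleted-then-re-registered name leaves. The requirements text and the index responses are constructed stand-ins shaped like the real API; `assess`, `audit`, `examplepkg-*` and the 90-day threshold are this example's own choices.

```python
"""Flag pinned dependencies whose PyPI name may have been removed or re-registered.

Added example for the Revival Hijack write-up; not JFrog's or PyPI's code.
INDEX below is a constructed stand-in for the PyPI JSON API (a real run would
fetch https://pypi.org/pypi/<name>/json and map a 404 to None).
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of what a CI job pins in requirements.txt.
REQUIREMENTS = """
examplepkg-ok==1.1.0
examplepkg-revived==2.3.1   # original maintainer deleted the project
examplepkg-gone==0.4.0
"""

# Fixed "today" so the sample is reproducible.
NOW = datetime(2024, 9, 5, tzinfo=timezone.utc)


def _files(*upload_times):
    """Minimal stand-in for the per-file dicts in the PyPI JSON 'releases' map."""
    return [{"upload_time_iso_8601": t} for t in upload_times]


# Constructed index state. None models a 404: the project no longer exists.
INDEX = {
    "examplepkg-ok": {"releases": {
        "1.0.0": _files("2021-03-02T10:00:00.000000Z"),
        "1.1.0": _files("2022-07-19T08:30:00.000000Z"),
    }},
    # Re-registered under a new owner: the old releases are gone and the only
    # release is newer than our pin, so an unpinned install would pick it up.
    "examplepkg-revived": {"releases": {
        "2.3.2": _files("2024-08-30T14:12:00.000000Z"),
    }},
    "examplepkg-gone": None,
}


def parse_pins(requirements_text):
    """Map normalised project name -> pinned version for 'name==version' lines."""
    pins = {}
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*(\S+)$", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins


def earliest_upload(releases):
    """Oldest upload time across all files of all releases, or None."""
    times = [
        datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
        for files in releases.values() for f in files
    ]
    return min(times, default=None)


def assess(pinned_version, metadata, now=NOW, max_age_days=90):
    """Classify one pinned dependency against its current index metadata."""
    if metadata is None:
        return "REMOVED", "project no longer exists on the index"
    releases = metadata.get("releases", {})
    if pinned_version in releases:
        return "OK", "pinned release still present"
    first = earliest_upload(releases)
    if first is not None and now - first < timedelta(days=max_age_days):
        return "SUSPECT", (f"pinned {pinned_version} is gone and the oldest "
                           f"surviving release was uploaded {first.date()}: "
                           "name may have been re-registered")
    return "WARN", f"pinned {pinned_version} is gone"


def audit(requirements_text, index, now=NOW):
    """Run assess() over every pin; returns {name: (verdict, reason)}."""
    return {name: assess(ver, index.get(name), now)
            for name, ver in parse_pins(requirements_text).items()}


if __name__ == "__main__":
    for name, (verdict, reason) in audit(REQUIREMENTS, INDEX).items():
        print(f"{verdict:8} {name}: {reason}")
```

Treat REMOVED and SUSPECT as build failures rather than warnings, and pair the check with hash pinning: `pip install --require-hashes -r requirements.txt` refuses any artifact whose digest differs from the one recorded, so a re-registered name serving different bytes fails the install instead of silently replacing the original.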
