Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware.
Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign that was initially disclosed in November 2022.
The initial vector entails using typosquatting to mimic popular packages such as beautifulsoup, bitcoinlib, cryptofeed, matplotlib, pandas, pytorch, scikit-learn, scrapy, selenium, solana, and tensorflow, among others.
Targeted web browsers include Google Chrome, Microsoft Edge, Brave, and Opera, with the malware modifying browser shortcuts to load the add-on automatically upon launch using the “–load-extension” command line switch.
The ultimate goal of the attacks is to hijack cryptocurrency transactions initiated by the compromised developer and reroute them to attacker-controlled wallets instead of the intended recipient.
“This attacker significantly increased their footprint in pypi through automation,” Phylum noted. “Flooding the ecosystem with packages like this will continue.”
The findings coincide with a report from Sonatype, which found 691 malicious packages in the npm registry and 49 malicious packages in PyPI during the month of January 2023 alone.
The development once again illustrates the growing threat developers face from supply chain attacks, with adversaries relying on methods like typosquatting to trick users into downloading fraudulent packages.