“Blank Grabber” Malware in PyPI: A Silent Threat to Python Developers

The Python Package Index (PyPI) is known for its vast library of packages aiding developers in enhancing their coding efficiency. However, lurking beneath this repository of innovation is a new cybersecurity threat: the “Blank Grabber” malware.

Imperva Threat Research team recently unearthed a deceptive package called ‘sellpass-sdk’ in PyPI, which turned out to be a distributor of the “Blank Grabber” infostealer malware. This discovery, after a series of similar incidents, signals a worrying trend in the cybersecurity landscape of Python development.

PyPI sellpass packages

The malicious package, which closely mimicked a legitimate package ‘sellpass’, employed various tactics to establish credibility. These included using similar author names and creating multiple versions to appear actively maintained. This ruse led to the package being downloaded numerous times, highlighting the ease with which such malware can infiltrate systems.

Once installed, “Blank Grabber” exhibited harmful behaviors. It was capable of blocking incoming calls and messages on infected devices, preventing victims from receiving crucial alerts. The malware executed a sophisticated strategy of data exfiltration and system compromise.

Package infection flow

The ‘Blank Grabber’ info stealer can result in various security breaches, including:

  • Theft of credentials and session cookies, as well as access to a cryptocurrency wallet;
  • Monitoring of a device’s screen;
  • Unauthorized access and control of a webcam;
  • Compromise of a local or corporate network; and
  • Implementation of multiple mechanisms to maintain persistence on the affected system.

This incident serves as a stark reminder of the importance of vigilance in cybersecurity. Developers and users alike must exercise caution, especially when sourcing packages from repositories like PyPI. The case of the “Blank Grabber” malware is a wake-up call to the Python community, emphasizing the need for constant awareness and stringent security practices in our increasingly interconnected world.