Hackers Target PyPI with Malicious Go Binary Hidden in Image

The Phylum Research Team has uncovered a targeted software-supply-chain attack on the Python Package Index (PyPI), the main public repository for Python packages. The malicious package, named "requests-darwin-lite", posed as a fork of the widely used "requests" library and carried a Go binary hidden inside what looked like the project's PNG logo.

The requests project logo

The Attack

The "requests-darwin-lite" package shipped a modified setup.py, the file setuptools reads to learn how a package should be built and installed. setup.py accepts a cmdclass mapping that lets a package substitute its own classes for standard commands such as install, and whatever those classes do runs with the installing user's privileges the moment pip install is executed. The attackers used exactly this mechanism to hook the install step with a custom command whose logic targeted macOS systems.

The hooked install command decoded a base64 string into a shell command and ran it to read the machine's hardware UUID (Universally Unique Identifier). The value was compared against a single hardcoded UUID, and the rest of the payload ran only on a match. Gating on one specific UUID points either to an attack aimed at one known machine or to a test of the delivery chain against the attackers' own infrastructure.
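The two indicators described above, an install hook registered through cmdclass and a base64-wrapped command executed from inside it, are both visible statically. The following is an added example, not code from Phylum or from the package itself: a constructed setup.py that registers a hook class (here named HookedInstall, with a placeholder target UUID) alongside a small AST-based scanner that flags cmdclass overrides, command execution inside the hook, and embedded base64 literals, decoding the latter so an analyst can see what the hook would run.

```python
import ast
import base64

# Constructed sample of a setup.py that hooks the install step (added example,
# not the real requests-darwin-lite file). The base64 blob wraps a macOS
# command that prints the hardware UUID; the UUID it is compared against is
# a placeholder, not a real target.
_HOOK_CMD = base64.b64encode(
    b"ioreg -d2 -c IOPlatformExpertDevice | awk -F'\"' '/IOPlatformUUID/{print $(NF-1)}'"
).decode()

SAMPLE_SETUP_PY = '''
import base64, subprocess
from setuptools import setup
from setuptools.command.install import install

class HookedInstall(install):
    def run(self):
        cmd = base64.b64decode("__B64__").decode()
        uuid = subprocess.check_output(cmd, shell=True).decode().strip()
        if uuid == "00000000-0000-0000-0000-000000000000":
            pass  # a second stage would go here
        install.run(self)

setup(name="example-lite", version="0.0.1", cmdclass={"install": HookedInstall})
'''.replace("__B64__", _HOOK_CMD)

# setuptools commands that run during pip install / pip download and are
# therefore attractive to hook.
HOOKABLE = {"install", "develop", "egg_info", "build_py", "build_ext", "sdist", "bdist_wheel"}
EXEC_CALLS = {"subprocess.run", "subprocess.call", "subprocess.check_output",
              "subprocess.check_call", "subprocess.Popen", "os.system", "os.popen",
              "os.execv", "exec", "eval"}
DECODE_CALLS = {"base64.b64decode", "base64.b32decode", "base64.b16decode", "base64.b85decode"}


def _dotted(node):
    """Return 'pkg.attr' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source):
    """Return a list of findings describing install-time hooks in a setup.py."""
    tree = ast.parse(source)
    findings = []
    hooked = {}  # setuptools command name -> name of the overriding class
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _dotted(node.func) in ("setup", "setuptools.setup"):
            for kw in node.keywords:
                if kw.arg == "cmdclass" and isinstance(kw.value, ast.Dict):
                    for key, val in zip(kw.value.keys, kw.value.values):
                        if isinstance(key, ast.Constant) and key.value in HOOKABLE:
                            hooked[key.value] = _dotted(val)
    classes = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)}
    for cmd, cls in hooked.items():
        findings.append(f"cmdclass overrides '{cmd}' with {cls}")
        cdef = classes.get(cls)
        if cdef is None:
            continue
        for node in ast.walk(cdef):
            if not isinstance(node, ast.Call):
                continue
            name = _dotted(node.func)
            if name in EXEC_CALLS:
                shell = any(k.arg == "shell" and getattr(k.value, "value", None) is True
                            for k in node.keywords)
                findings.append(f"{cls}: runs commands via {name}()"
                                + (" with shell=True" if shell else ""))
            elif name in DECODE_CALLS and node.args and isinstance(node.args[0], ast.Constant):
                try:
                    decoded = base64.b64decode(node.args[0].value).decode("utf-8", "replace")
                except Exception:
                    decoded = "<not valid base64>"
                findings.append(f"{cls}: decodes an embedded blob -> {decoded!r}")
    return findings


if __name__ == "__main__":
    for line in scan_setup_py(SAMPLE_SETUP_PY):
        print(line)
```

The scanner deliberately never executes the file: it parses it and inspects only the classes that cmdclass actually wires into a setuptools command, which keeps noise down on packages that legitimately subclass install for things like compiling extensions. Run it over the extracted sdist of any package before installing it, and treat a decoded blob that turns out to be a shell command as a hard stop.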

Malware Payload

Steganography, hiding data inside another file or piece of media, was the delivery method. The package bundled a copy of the requests logo that was far larger than it had any reason to be (roughly 17 MB against the usual 300 kB). The extra bytes were a Go binary: an implant for Sliver, an open-source command-and-control (C2) framework that is frequently used as a stand-in for Cobalt Strike.

On a matching system the install hook carved the binary out of the image file, set the executable bit on it, and launched it, with nothing shown to the user. Attacks of this kind are dangerous because they ride on the trust the open-source ecosystem extends to package installation: running pip install is routine, and very few users inspect setup.py or the package's bundled assets before doing so.
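A PNG has a fixed structure (an 8-byte signature followed by length-prefixed, CRC-protected chunks ending in IEND), so any bytes after the IEND chunk are by definition not image data and are where an appended payload would sit. The block below is an added example, not code from Phylum or the package, and the page does not say how the malware located the binary inside the logo; it builds a tiny valid PNG from scratch, glues a fake Mach-O header onto it as a constructed suspect, then walks the chunk list (verifying each CRC so a corrupted header cannot fool the walk), reports the trailer, and identifies its format from a small table of executable magic bytes.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

# Magic bytes of executable formats one might find appended to an image.
# A Go binary built for darwin is a Mach-O file.
MAGICS = {
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit",
    b"\xca\xfe\xba\xbe": "Mach-O universal",
    b"\x7fELF": "ELF",
    b"MZ": "PE/COFF",
}


def _chunk(ctype, data):
    """Encode one PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def make_tiny_png():
    """Build a valid 1x1 RGB PNG from scratch (constructed sample, not the requests logo)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit depth, colour type 2 (RGB)
    scanline = b"\x00" + b"\xff\x00\x00"                  # filter byte 0 + one red pixel
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanline))
            + _chunk(b"IEND", b""))


def png_end_offset(data):
    """Walk the chunk list and return the offset just past IEND's CRC.
    Anything after that offset is not part of the image."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG: bad signature")
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError(f"truncated {ctype!r} chunk at offset {pos}")
        stored_crc = struct.unpack(">I", data[body_end:body_end + 4])[0]
        if zlib.crc32(data[pos + 4:body_end]) & 0xFFFFFFFF != stored_crc:
            raise ValueError(f"bad CRC on {ctype!r} chunk at offset {pos}")
        if ctype == b"IEND":
            return body_end + 4
        pos = body_end + 4
    raise ValueError("no IEND chunk found")


def extract_trailer(data):
    """Return (end_of_image, trailing_bytes, detected_format_or_None)."""
    end = png_end_offset(data)
    trailer = data[end:]
    kind = next((name for magic, name in MAGICS.items() if trailer.startswith(magic)), None)
    return end, trailer, kind


# Constructed suspect: a clean PNG with a fake Mach-O header and padding glued on.
FAKE_BINARY = b"\xcf\xfa\xed\xfe" + b"\x00" * 60
SUSPECT_PNG = make_tiny_png() + FAKE_BINARY

if __name__ == "__main__":
    end, trailer, kind = extract_trailer(SUSPECT_PNG)
    print(f"image ends at byte {end}; {len(trailer)} trailing bytes; looks like: {kind}")
```

Pointed at a real file, read it in binary mode and pass the bytes to extract_trailer; a non-empty trailer on a logo or icon is worth a closer look whatever its magic bytes, since a payload can also be encrypted or compressed. The same chunk walk gives you the offset and size of every chunk, so a payload stashed inside a private ancillary chunk rather than appended after IEND shows up as one chunk that is wildly larger than the image's pixel data warrants.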

Multiple Versions and Suspicious Activity

Analysis of the package history revealed that the first two versions (2.27.1 and 2.27.2) contained the full malicious payload. These versions were later pulled from PyPI by the attackers themselves. Subsequent versions (2.28.0 and 2.28.1) saw the removal of the malicious installation hooks, although version 2.28.0 still shipped with the binary-laden PNG. The final version published, 2.28.1, appeared benign, containing neither the malicious hook nor the packed PNG.

Mitigation and Response

Phylum reported the package to PyPI, and it has since been removed from the repository. Anyone who installed "requests-darwin-lite" (above all versions 2.27.1 or 2.27.2 on macOS) should treat the host as potentially compromised. Because the payload ran at install time, uninstalling the package does not undo anything it did: remove the package, look for the binary extracted from the image and any process it spawned, and treat confirmed execution as a full compromise of that host.