Imperva researchers have uncovered a supply chain attack masquerading as a popular Python utility. The package in question—cloudscrapersafe—was uploaded to PyPI on July 6, 2025, and posed as a secure variant of the widely used cloudscraper library. Behind its seemingly helpful façade, however, lay stealthy code designed to steal credit card information and exfiltrate it to a Telegram bot.
“While preserving every original feature of ‘cloudscraper’, the package secretly embeds logic designed to intercept credit card information and exfiltrate it to an external Telegram bot,” Imperva noted.
The legitimate cloudscraper library—downloaded over 1.4 million times—enables automated access to websites protected by Cloudflare’s IUAM (I’m Under Attack Mode).
“This highlights the risk of developers importing tools that are both legally questionable and technically dangerous, with little scrutiny over what additional payloads they may include,” the report states.
The malicious clone cloudscrapersafe preserved all scraping and challenge-solving capabilities but injected two critical logic blocks—one for monitoring HTTP traffic, and another for conditionally exfiltrating data.
The malicious behavior was hidden within a custom subclass of requests.Session. The attacker injected code into the request() method to inspect outgoing HTTP POST requests. Specifically, it looked for traffic directed at three payment gateway endpoints, all of which were base64-encoded to evade static detection.
The targeted payment endpoints include:
- credomatic.compassmerchantsolutions.com/api/transact.php
- checkout.baccredomatic.com/purchase/order/
- ecommerce.credomatic.com:447/3DS/API/api/Secure/Execute
When a match occurred, the package scraped sensitive data from the form or JSON body—such as:
- ccnumber
- ccexp
- CardNumber
- CardExpMonth
- CardExpYear
“The stolen data is stored internally, using the variables self.contendatax and self.conteninitx,” the report explains.
The second stage of the attack activated only if the payment appeared successful. The script looked for:
- HTTP response headers containing responsetext=APPROVED
- JSON bodies with "NextStep": "N" and JWT tokens including "responseCodeDescription": "APROBADA"
If either signal was detected, the payload triggered a GET request to a hardcoded Telegram bot API, using an obfuscated function that reconstructed the URL from character codes.
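As an added example (not code from the Imperva report or from the cloudscrapersafe package), a small static check that walks a package's source for the three indicators described above: a requests.Session subclass that overrides request(), base64 string literals that decode to one of the listed payment hosts, and strings rebuilt from character codes. The embedded sample is constructed and does nothing harmful; the host list and the base64 regex are assumptions.

```python
import ast
import base64
import re

# Payment hosts named in the report; base64 literals that decode to one of them are flagged.
PAYMENT_HOSTS = ("credomatic.compassmerchantsolutions.com",
                 "checkout.baccredomatic.com", "ecommerce.credomatic.com")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

def _decode_b64(text):
    """Decode a literal that looks like base64; return None otherwise."""
    if not B64_RE.match(text):
        return None
    try:
        return base64.b64decode(text, validate=True).decode("utf-8", "ignore")
    except ValueError:
        return None

def scan_source(source):
    """Return findings for the three indicators the report describes."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            # Indicator 1: a subclass of requests.Session that overrides request()
            bases = [ast.unparse(b) for b in node.bases]
            methods = {f.name for f in node.body if isinstance(f, ast.FunctionDef)}
            if any(b.endswith("Session") for b in bases) and "request" in methods:
                findings.append(f"class {node.name}({', '.join(bases)}) overrides request()")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # Indicator 2: base64-encoded payment endpoint hidden in a string literal
            decoded = _decode_b64(node.value)
            if decoded and any(h in decoded for h in PAYMENT_HOSTS):
                findings.append(f"base64 literal decodes to payment endpoint: {decoded}")
        elif isinstance(node, (ast.GeneratorExp, ast.ListComp)) and isinstance(node.elt, ast.Call) \
                and getattr(node.elt.func, "id", None) == "chr":
            # Indicator 3: a string rebuilt from integer character codes (obfuscated URL)
            findings.append("string rebuilt from character codes via chr()")
    return findings

# Constructed sample that only mimics the structure from the report; it does nothing harmful.
_ENC = base64.b64encode(b"credomatic.compassmerchantsolutions.com/api/transact.php").decode()
SAMPLE = f'''import requests
TARGET = "{_ENC}"
class Session(requests.Session):
    def request(self, method, url, *a, **kw):
        return super().request(method, url, *a, **kw)
HOST = "".join(chr(c) for c in [101, 120, 97, 109, 112, 108, 101])
'''
```

Run `scan_source` over each module of an installed package (for example via `pkgutil` or a directory walk) to triage a suspicious dependency before it is imported.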
Despite PyPI’s swift response, cloudscrapersafe was downloaded and possibly deployed within just a few hours of upload.