spam
spam PyPI package compromised via phishing.
During the same JuiceLedger phishing wave that hit exotel, the maintainer account for the PyPI package spam was compromised. Malicious versions 2.0.2 and 4.0.2 were uploaded with install-time logic that downloaded and executed infostealer malware on developer systems.
- Date: 2022-08-01 to 2022-08-31
- Category: Commercial
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Infostealer
- Cause: Phishing
What Was Affected
- Package: spam
- Language: Python
- Component: Library
- Artifact type: source archive
- Domain type: package host
- Domain: pypi.org
Compromised Versions
Incident Context
- Motive: Credential theft
- Attribution: Threat Actor
- Transitive: No
- User Impact: 200000
- Observed Duration: 30 days
Evidence
Compromised Artifacts
- pypi.org/project/spam
- pkg:pypi/spam@2.0.2
- pkg:pypi/spam@4.0.2
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:60434af3ebe924efabc96558e6c8d8176bf4eb06dd6cc47b4c491da9964be874
External References
Source Data
Source record: proprietary/spam/meta.yaml