num2words maintainer phishing shipped malware
A pypj.org phishing page stole PyPI credentials and led to malicious num2words releases. Versions 0.5.15 and 0.5.16 appeared on PyPI without matching upstream GitHub releases.
Story
On July 28, 2025, an attacker used a phished PyPI credential to publish two malicious releases of num2words, the widely used Python library that turns numbers into their written-out form across dozens of languages. The compromise extended a string of registry takeovers that ran through the summer, this time on the Python side rather than npm.
According to StepSecurity, the maintainer was lured to pypj.org, a typosquat of the legitimate pypi.org domain, where the attacker harvested credentials and a 2FA code. The stolen session was used to mint a fresh PyPI API token and to push version 0.5.15 to the registry, with 0.5.16 following soon after. Neither release had a matching commit, tag, or GitHub Release on the upstream savoirfairelinux/num2words repository, the divergence that first drew the analysts' attention. The bad version sat on PyPI for roughly two hours before being flagged, long enough for automated dependency-update bots to begin opening pull requests against downstream projects.
Researchers tied the incident to an actor commonly tracked as Scavenger, which has been linked to a series of supply-chain intrusions earlier in the year. Public reporting on the num2words payload itself remains thin: the advisory tracked as GHSA-jxr6-qrxx-2ph2 rates it critical and confirms the releases shipped malicious code, but neither StepSecurity's writeup nor GitHub's advisory enumerates the specific behavior.
PyPI removed both versions, and the project's legitimate maintainers continued publishing from the unaffected GitHub branch. Operators who installed 0.5.15 or 0.5.16, or whose dependency bots resolved them automatically, were advised to pin to a known-good version and rotate any credential reachable from the affected host.
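The detection signal described above, a registry release with no corresponding upstream tag, as an added example that is not part of this record or of the num2words project. It reads constructed samples shaped like the PyPI JSON API (`/pypi/<project>/json`, whose `releases` entries carry `upload_time_iso_8601`) and the GitHub tags API (a list of objects with `name`), embedded inline so it runs offline, and reports registry-only versions plus the highest version that is anchored by an upstream tag, the natural candidate for a known-good pin. The field names mirror the real APIs; the timestamps, filenames and tag list are constructed for the example and are not the incident's actual upload records.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample in the shape of the PyPI JSON API response, trimmed to the
# fields this check reads. Version strings mirror the incident; timestamps and
# filenames are made up for the example.
PYPI_JSON = json.dumps({
    "info": {"name": "num2words"},
    "releases": {
        "0.5.13": [{"filename": "num2words-0.5.13-py3-none-any.whl",
                    "upload_time_iso_8601": "2023-09-01T09:00:00.000000Z"}],
        "0.5.14": [{"filename": "num2words-0.5.14-py3-none-any.whl",
                    "upload_time_iso_8601": "2024-11-01T09:00:00.000000Z"}],
        "0.5.15": [{"filename": "num2words-0.5.15-py3-none-any.whl",
                    "upload_time_iso_8601": "2025-07-28T12:00:00.000000Z"}],
        "0.5.16": [{"filename": "num2words-0.5.16-py3-none-any.whl",
                    "upload_time_iso_8601": "2025-07-28T13:30:00.000000Z"}],
    },
})

# Constructed sample in the shape of the GitHub tags API response. Upstream tags
# here carry a "v" prefix, which the registry version strings do not.
GITHUB_TAGS_JSON = json.dumps([{"name": "v0.5.14"}, {"name": "v0.5.13"}])


def normalize_version(tag: str) -> str:
    """Map a git tag name onto the registry's version string ("v0.5.14" -> "0.5.14")."""
    tag = tag.strip()
    if tag[:1] in ("v", "V"):
        tag = tag[1:]
    return tag


def version_key(version: str) -> Tuple:
    """Sort key that orders dotted numeric versions numerically ("0.5.10" > "0.5.9")."""
    parts = []
    for piece in version.split("."):
        parts.append((0, int(piece)) if piece.isdigit() else (1, piece))
    return tuple(parts)


def unanchored_releases(pypi_json: str, tags_json: str) -> List[Tuple[str, str]]:
    """Return (version, earliest upload time) for registry releases with no upstream tag,
    ordered by upload time. A registry-only release is the signal; a reviewer still has
    to decide whether it is a hijacked publish or an honest tagging oversight."""
    releases: Dict[str, list] = json.loads(pypi_json)["releases"]
    tagged = {normalize_version(t["name"]) for t in json.loads(tags_json)}
    findings = []
    for version, files in releases.items():
        if version in tagged or not files:
            continue  # anchored upstream, or a release with no files left to inspect
        earliest = min(f["upload_time_iso_8601"] for f in files)
        findings.append((version, earliest))
    return sorted(findings, key=lambda f: f[1])


def latest_anchored_version(pypi_json: str, tags_json: str) -> str:
    """Highest registry version that does have an upstream tag: the known-good pin candidate."""
    releases = json.loads(pypi_json)["releases"]
    tagged = {normalize_version(t["name"]) for t in json.loads(tags_json)}
    anchored = [v for v in releases if v in tagged]
    return max(anchored, key=version_key)


if __name__ == "__main__":
    for version, uploaded in unanchored_releases(PYPI_JSON, GITHUB_TAGS_JSON):
        print(f"{version} uploaded {uploaded} has no upstream tag")
    print("pin candidate:", latest_anchored_version(PYPI_JSON, GITHUB_TAGS_JSON))
```

Run against live data by replacing the two constants with the fetched API bodies. The check is deliberately a signal rather than a verdict: projects that publish from CI without tagging will trip it, so treat a hit as a prompt to compare the registry artifact with the upstream source before a dependency bot merges the bump.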
Affected Artifacts
- Observed: 2025-07-28 to 2025-07-31
- Fixed: Not listed
- StepSecurity cited package popularity as exposure context; no confirmed count of affected users is recorded.
Incident Context
- Motive: Credential Theft
- Attribution: Group
- Cause: Social Engineering
- Transitive: No
- Actor: Cybercriminal Gang
External References
Source record: oss/attacks/num2words/meta.yaml