An attack on the npm ecosystem continues to evolve, exploiting compromised accounts to publish malicious packages. This campaign, dubbed Shai-Hulud, has targeted large volumes of packages in the JavaScript ecosystem, exfiltrating credentials to further propagate itself.
PyPI has not been exploited; however, some PyPI credentials were found exposed in compromised repositories. We’ve revoked these tokens as a precaution; there’s no evidence they have been used maliciously. This post raises awareness about the attack and encourages proactive steps to secure your accounts, especially if you’re using build platforms to publish packages to PyPI.
This week, a security researcher disclosed long-lived PyPI credentials exposed as part of the Shai-Hulud campaign. The credentials were found in GitHub repositories (stored as repository secrets), and were still valid. We saw an attack exploiting insecure workflow settings for Ultralytics in 2024.
While the campaign primarily targets npm, some projects use monorepo setups, publishing both JavaScript packages to npmjs.com and Python packages to PyPI from the same repository. When attackers compromise these repositories, they can extract credentials for multiple platforms.
We investigated the reported credentials and found they were associated with accounts that hadn’t published recently. We’ve revoked these credentials and reached out to affected users to advise them to rotate any remaining tokens.
Here are security practices to protect your PyPI account:
Use Trusted Publishing: If you are using a build platform to publish packages to PyPI, consider using a Trusted Publisher. This eliminates the need to manage long-lived authentication tokens, reducing the risk of credential exposure. Trusted Publishing uses short-lived, scoped tokens for each build, minimizing the impact of any potential compromise. This approach has risen in popularity, with other registries like Crates.io, RubyGems, and npmjs.com adopting similar models.
When using GitHub Actions, consider layering in additional security measures, like requiring human approval via GitHub Environments before publishing. This blog post from pyOpenSci has detailed guidance on adding manual review steps to GitHub Actions workflows.
Audit your workflows for misconfiguration: Review your GitHub Actions workflows for any potential security issues. Tools like zizmor and CodeQL can help identify vulnerabilities in your CI/CD pipelines. Run these scanners as automated actions in the repository so that future issues are caught as they are introduced.
Review your account activity: Regularly check your PyPI account activity for any unauthorized actions. If you notice any suspicious activity, report it to the PyPI security team immediately.
Taking any of these steps helps mitigate the risk of compromise and keeps packages secure.
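As a first-pass illustration of the workflow review described above, the following added example (not PyPI's tooling and not a substitute for zizmor or CodeQL) flags publishing workflows that still pass a stored secret, lack the `id-token: write` permission that Trusted Publishing relies on, or have no GitHub Environment for an approval gate. The two workflows, the secret name `PYPI_API_TOKEN` and the environment name `pypi` are constructed for the example, and the matching is a line-level heuristic rather than a YAML parse.

```python
import re

# Constructed sample workflows (assumptions for this example, not from a real repository).
TOKEN_WORKFLOW = """\
on: push
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
"""
TRUSTED_WORKFLOW = """\
on: push
jobs:
  publish:
    runs-on: ubuntu-latest
    environment: pypi
    permissions:
      id-token: write
    steps:
      - uses: pypa/gh-action-pypi-publish@release/v1
"""

PUBLISH = re.compile(r"pypa/gh-action-pypi-publish|twine\s+upload")
SECRET = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
OIDC = re.compile(r"^\s*id-token:\s*write\s*$", re.M)
ENVIRONMENT = re.compile(r"^\s*environment:", re.M)

def audit_workflow(text):
    """Return finding codes for one workflow file; empty list means nothing flagged."""
    if not PUBLISH.search(text):
        return []  # workflow does not publish to PyPI, nothing to check
    # Any stored secret referenced in a publishing workflow deserves a manual look.
    findings = [f"stored-secret:{name}" for name in sorted(set(SECRET.findall(text)))]
    if not OIDC.search(text):
        findings.append("no-oidc")         # Trusted Publishing cannot be in use
    if not ENVIRONMENT.search(text):
        findings.append("no-environment")  # no place to require human approval
    return findings

if __name__ == "__main__":
    for label, wf in (("token", TOKEN_WORKFLOW), ("trusted", TRUSTED_WORKFLOW)):
        print(label, audit_workflow(wf) or "ok")
```

A `stored-secret` finding only means the workflow references a repository secret; whether it is a PyPI token still needs a human check.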
Some blog posts covering the attack behaviors and mitigation steps: