A new supply chain attack targeting the Python Package Index (PyPI) has been detected, potentially threatening thousands of developers and downstream organizations. Dubbed “Revival Hijack” by the cybersecurity firm JFrog, this attack technique leverages a vulnerability in the PyPI registry, allowing malicious actors to hijack and re-register over 22,000 previously removed packages, posing a significant risk to software supply chains.
According to JFrog researchers Andrey Polkovnychenko and Brian Moussalli, the attack exploits a feature that permits the re-registration of packages once they’ve been removed by their original owners. This vulnerability opens the door for attackers to take control of these packages and upload malicious versions, potentially leading to “hundreds of thousands” of compromised downloads.
JFrog’s analysis revealed that an average of 309 packages are removed from PyPI every month for various reasons, including lack of maintenance, rebranding, or integration into official libraries. Once removed, these packages become available for registration by any user, creating a prime target for attackers.
Unlike attack methods such as typosquatting, Revival Hijack does not rely on user error during package installation. Instead, it exploits the trust developers place in updating packages to their latest versions: a once-legitimate package name is re-registered and given a counterfeit version, which developers then unknowingly download and install.
Even though PyPI has measures to prevent author impersonation and typosquatting, JFrog discovered that running commands like “pip list --outdated” and “pip install --upgrade” can lead to the installation of these compromised packages without any warning about the change in authorship.
In a proactive move, JFrog created a PyPI user account named “security_holding” to safely hijack and replace vulnerable packages with harmless placeholders, preventing malicious actors from exploiting them. These placeholder packages are assigned version numbers like 0.0.0.1 to prevent them from being mistakenly installed during upgrades.
However, the threat is far from over. The Revival Hijack technique has already been used in real-world attacks. On March 30, 2024, a package named “pingdomv3” was hijacked by a threat actor using the name Jinnis shortly after the original owner, cheneyyan, removed it from PyPI. The attacker later released an update on April 12, 2024, containing a Base64-encoded payload designed to execute a remote script if a specific environment variable was detected.
This incident underscores the growing interest of threat actors in exploiting software supply chains on a larger scale. JFrog warns organizations and developers to scrutinize their DevOps pipelines to ensure that they are not installing packages that have been removed from the PyPI repository.
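One way to act on that advice before running “pip install --upgrade” is a pre-upgrade gate that checks each pinned package’s release history for the two signals the article describes (a new uploader, and a long silence that suggests removal and re-registration) and that shows why JFrog’s 0.0.0.1 placeholders are never selected. This is an added example, not JFrog’s tooling or code from the article; it assumes plain dotted version strings and that uploader names are available from your own mirror or audit log, and the sample history is constructed except for the account names and 2024 dates the article states.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Release:
    version: str
    uploader: str  # assumption: sourced from your mirror/audit log, not PyPI's public JSON API
    uploaded: date

def parse_version(v: str) -> tuple:
    """Plain dotted numeric versions only (an assumption for this example)."""
    return tuple(int(part) for part in v.split("."))

def would_upgrade(pinned: str, candidate: str) -> bool:
    """pip install --upgrade only moves to a strictly higher version; 0.0.0.1 never wins."""
    return parse_version(candidate) > parse_version(pinned)

def revival_hijack_signals(history, max_gap_days=180):  # the threshold is an assumption
    """Two signals from the article: a new uploader, or a long silence before a release."""
    releases = sorted(history, key=lambda r: r.uploaded)
    reasons = []
    for prev, cur in zip(releases, releases[1:]):
        if cur.uploader != prev.uploader:
            reasons.append(f"uploader changed {prev.uploader} -> {cur.uploader} in {cur.version}")
        gap = (cur.uploaded - prev.uploaded).days
        if gap > max_gap_days:
            reasons.append(f"{gap}-day gap before {cur.version}")
    return reasons

def audit_upgrades(pinned, histories):
    """Per pinned package: would `pip install --upgrade` move it, and does that look hijacked?"""
    report = {}
    for name, pinned_version in pinned.items():
        history = histories[name]
        best = max(history, key=lambda r: parse_version(r.version))
        upgrade = would_upgrade(pinned_version, best.version)
        flags = revival_hijack_signals(history) if upgrade else []
        report[name] = {"upgrade": upgrade, "newest": best.version, "flags": flags}
    return report

# Constructed sample: only the two account names and the two 2024 dates for pingdomv3
# come from the article; versions and the other dates are made up for illustration.
HISTORIES = {
    "pingdomv3": [Release("1.0.0", "cheneyyan", date(2023, 6, 1)),
                  Release("1.1.0", "Jinnis", date(2024, 3, 30)),
                  Release("1.2.0", "Jinnis", date(2024, 4, 12))],
    "held-example": [Release("1.4.0", "original_owner", date(2023, 1, 10)),
                     Release("0.0.0.1", "security_holding", date(2024, 8, 1))],
}
PINNED = {"pingdomv3": "1.0.0", "held-example": "1.4.0"}
```

Run `audit_upgrades(PINNED, HISTORIES)` in a pipeline step and fail the build when any package that would be upgraded carries flags; the held-example entry shows the placeholder case passing because no upgrade is possible.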
“The vulnerability in handling removed packages has allowed attackers to hijack existing packages seamlessly, posing a significant threat to the PyPI ecosystem,” said Moussalli, JFrog’s Security Research Team Lead. “Despite proactive measures, developers must remain vigilant and adopt security best practices to protect themselves and the broader PyPI community from this emerging threat.”