The official repository for the widely used Python programming language PyPI was tainted with modified code packages that had been downloaded by unwitting developers who incorporated them into software for three months.

  • The packages functioned as normal but the added code was executed as soon as a developer or system administrator installed the package (administrator privileges).
  • The executed code was apparently only used to report name and version of the fake package, user name of the user who installed the package, and hostname (with a HTTP request to a remote server at

The attack was made easier by pip not requiring the cryptographic signature and executing arbitrary code during package installation.

The incident resembles an attack carried out in June 2016 in a research experiment in which Hamburg student Nikolai Philipp Tschacher uploaded packages to PyPI and two other repositories.

  • Connections to TCP port 8080
  • Remove all unintentionally installed fake packages. As soon as the proper package is installed, the code should continue working as expected. To check with pip which packages may have been affected and need re-installation:
pip list --format=legacy | egrep '^(acquisition|apidev-coop|bzip|crypt|django-server|pwd|setup-tools|telnet|urlib3|urllib) '
  • Use a safer Python development. Pip executes code downloaded from the Internet and PyPI packages are not subject to code review.