Monday, May 19, 2025
Homecyber securityTwo Malicious Python Packages Steal SSH and GPG Keys Exists in the...

Two Malicious Python Packages Steal SSH and GPG Keys Exists in the Python Package Index for a Year

Published on

SIEM as a Service

Follow Us on Google News

The python security team has removed two malicious python packages that introduced with the Python Package Index (PyPI) aimed to steal SSH and GPG keys from the infected developer projects.

PyPI is a python repository that helps to locate and install the software developed and shared by the Python community. It includes Over 113,000 Python packages, users can find the packages based on keywords and by using filter data.

Malicious Python Packages

The two malicious python packages “python3-dateutil” and “jeIlyfish,” developed by the same developer with handle “olgired2017″. The malicious package “python3-dateutil” found to present in the repository for more than a year, another package is a short-lived one.

- Advertisement - Google News

Both of the malicious packages identified by the German developer Lukas Martini and he reported to the python security team and the packages have been removed now.

“Just a quick heads-up: There is a fake version of this package called python3-dateutil on PyPI that contains additional imports of the jeIlyfish package (itself a fake version of the jellyfish package, that first L is an I). That package, in turn, contains malicious code starting at line 313 in jeIlyfish/_jellyfish.py:”

The two malicious packages resemble the original packages of ‘dateutil’ and ‘jellyfish’, “python3-dateutil” impersonates ‘dateutil’ and “jeIlyfish” (the first L is an I) imitated the “jellyfish” library.

dateutil – It is the standard datetime module, available in Python, it can be installed from PyPI using the pip command pip install python-dateutil. It can be also downloaded from here.

jellyfish – It is a python library for doing approximate and phonetic matching of strings. It can be also downloaded from here.

The “python3-dateutil” not having any malicious strings, it imports another malicious package “jeIlyfish” which steals the SSH and GPG keys from developer projects.

If you are using ‘dateutil’ and ‘jellyfish’, it is recommended to check that the installed package is the legitimate one.

To note, Python language emerges as the most common vector for launching exploit attempts.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials

A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom...

New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection

A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a...

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in...

Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base

Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials

A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom...

New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection

A newly identified piece of malware, dubbed the "Hannibal Stealer," has emerged as a...

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in...