Revival Hijack on PyPI Disguises Malware With Legitimate File Names

Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.

Security researchers have discovered a simple and troubling way for attackers to distribute malicious payloads via the PyPI package repository.
All that the technique involves is re-registering a malicious package on PyPI using the same name as any legitimate, previously registered but now removed package from the repository and then waiting for organizations to download it. Since PyPI does not prohibit the reuse of names of removed packages, its easy for adversaries to pass off rogue packages that once were available on the registry as legitimate ones.
The Revival Hijack method can be used by attackers as an easy supply chain attack, targeting organizations and infiltrating a wide variety of environments, researchers at
JFrog warned in a report
this week. PyPI users should stay vigilant and make sure their CI/CD machines are not trying to install packages that were already removed from PyPI, they noted, after recently discovering a threat actor using the tactic in an apparent attempt to distribute malware.
The attack method that JFrog discovered is one of several that adversaries have used in recent years to try and sneak malware into enterprise environments via public code repositories such as PyPI, npm, Maven Central, NuGet, and RubyGems. Common tactics have included
cloning and infecting
popular repositories,
poisoning artifacts,
and looking for and
leveraging leaked secrets
like private keys and database certificates in attacks.
Threat actors have also attempted to trick developers into accidentally installing malicious packages by exploiting common typing errors or using slight variations in the name of a legitimate package (g00gle instead of google, for instance). Such
typosquatting attacks
continue unabated, despite efforts by organizations and the maintainers of PyPI and other registries to protect against them.
The challenge with Revival Hijack is that the technique does not rely on a victim making a mistake, as is typically the case with typosquatting and some of the other attack methods. Updating a once safe package to its latest version is viewed as a safe operation by many users (although it shouldnt!), JFrog noted. Many CI/CD machines are already set up to install these packages automatically.
According to JFrog, when a developer removes a project from PyPI, the associated package names become immediately available for anyone else to use. This means an attacker can easily hijack the package names and infect any user of the original packages that might try to update to the latest version. Any user that might want to install it for the first time on the assumption that it is the original would be similarly affected.
To test the effectiveness of the attack vector, JFrog researchers first created an empty project and published it to PyPI as revival-package version 1.0.0, using a test origin_author account. After publishing the project, the researchers removed it from PyPI and almost immediately published another empty package with the same name to PyPI, but from a different new_authr account and different version number 4.0.0.
The exercise showed PyPI displaying JFrogs second empty package simply as a new version of the companys original revival-package with no indication that it contained very different code. Had JFrogs original package actually been legitimate code that developers were using, a CI/CD system would have downloaded the new version on the assumption it was an update.
After demonstrating that hijacking removed legitimate packages can be easily done, [we] decided to analyze how many packages on PyPI were susceptible to Revival Hijack, meaning that they were previously removed and can now be replaced/hijacked, JFrog said.
The JFrog researchers search showed a staggering 120,000 removed packages that attackers could potentially hijack to sneak malware onto PyPI. When the researchers filtered the results to only include packages that had been active for at least months or that users had previously downloaded more than 100,000 times, that number dropped to around 22,000 packages.
To prevent adversaries from misusing these abandoned package names, JFrog researchers hijacked the most popular of these packages and replaced them with empty ones. They also ensured that the version number on all the empty packages was 0.0.0.1, to ensure that no one using the original packages would accidentally download the empty package as an update.
Even despite this precaution JFrogs empty packages racked up nearly 200,000 automatic and manual downloads over a three-month period, showing that the Revival Hijack threat is very real, the security vendor said. This seems to indicate that there are outdated jobs and scripts out there which are still looking for the deleted packages, or users that manually downloaded these packages due to typosquatting, JFrog said.
In an actual attack scenario, an adversary would have likely attached a high version number to each hijacked package so CI/CD systems would automatically download them believing them to be updates, JFrog said. The company has recommended that PyPI completely prohibit the reuse of abandoned package names. Organizations using PyPI also need to be aware of this attack vector when upgrading to new package versions, JFrog warned.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Revival Hijack on PyPI Disguises Malware With Legitimate File Names