{
	"id": "0bd8b870-6d5c-4594-97ef-15d5711f1654",
	"created_at": "2026-04-06T00:08:47.965549Z",
	"updated_at": "2026-04-10T03:24:30.166413Z",
	"deleted_at": null,
	"sha1_hash": "9b52d38d176734933879fc3bf18ea45b8e79c504",
	"title": "Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 200911,
	"plain_text": "Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack\r\nBy The Hacker News\r\nPublished: 2024-09-04 · Archived: 2026-04-05 14:09:24 UTC\r\nA new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.\r\nIt has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in \"hundreds of thousands\" of malicious package downloads. These susceptible packages have more than 100,000 downloads or have been active for over six months.\r\n\"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner,\" JFrog security researchers Andrey Polkovnychenko and Brian Moussalli said in a report shared with The Hacker News.\r\nAt its core, the attack hinges on the fact that Python packages published in the PyPI repository may get removed, making the names of those deleted projects available for registration by any other user.\r\nhttps://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html\r\nPage 1 of 3\r\nStatistics shared by JFrog show that about 309 packages are removed each month on average. This could happen for any number of reasons: lack of maintenance (i.e., abandonware), the package being re-published under a different name, or the same functionality being introduced into official libraries or built-in APIs.\r\nThis also poses a lucrative attack surface that's more effective than typosquatting, and one which an attacker, using their own accounts, could exploit to publish malicious packages under the same name and a higher version to infect developer environments.\r\n\"The technique does not rely on the victim making a mistake when installing the package,\" the researchers said, pointing out how Revival Hijack can yield better results from the point of view of an adversary. \"Updating a 'once safe' package to its latest version is viewed as a safe operation by many users.\"\r\nWhile PyPI does have safeguards in place against author impersonation and typosquatting attempts, JFrog's analysis found that running the \"pip list --outdated\" command lists the counterfeit package as a new version of the original package, even though the former is a different package from an entirely different author.\r\nEven more concerning, running the \"pip install --upgrade\" command replaces the actual package with the phony one without so much as a warning that the package's author has changed, potentially exposing unwitting developers to a huge software supply chain risk.\r\nJFrog said it took the step of creating a new PyPI user account called \"security_holding\" that it used to safely hijack the susceptible packages and replace them with empty placeholders so as to prevent malicious actors from capitalizing on the removed packages.\r\nAdditionally, each of these packages has been assigned the version number 0.0.0.1 – the opposite of a dependency confusion attack scenario – to avoid getting pulled by developers when running a pip upgrade command.\r\nWhat's more disturbing is that Revival Hijack has already been exploited in the wild, with an unknown threat actor called Jinnis introducing a benign version of a package named \"pingdomv3\" on March 30, 2024, the same day the original owner (cheneyyan) removed the package from PyPI.\r\nOn April 12, 2024, the new developer is said to have released an update containing a Base64-encoded payload that checks for the presence of the \"JENKINS_URL\" environment variable and, if present, executes an unknown next-stage module retrieved from a remote server.\r\n\"This suggests that the attackers either delayed the delivery of the attack or designed it to be more targeted, possibly limiting it to a specific IP range,\" JFrog said.\r\nThe new attack is a sign that threat actors are eyeing supply chain attacks on a broader scale by targeting deleted PyPI packages in order to expand the reach of the campaigns. Organizations and developers are recommended to inspect their DevOps pipelines to ensure that they are not installing packages that have already been removed from the repository.\r\n\"Using a vulnerable behavior in the handling of removed packages allowed attackers to hijack existing packages, making it possible to install it to the target systems without any changes to the user's workflow,\" said Moussalli, JFrog Security Research Team Lead.\r\n\"The PyPI package attack surface is continually growing. Despite proactive intervention here, users should always stay vigilant and take the necessary precautions to protect themselves and the PyPI community from this hijack technique.\"\r\nSource: https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://thehackernews.com/2024/09/hackers-hijack-22000-removed-pypi.html"
	],
	"report_names": [
		"hackers-hijack-22000-removed-pypi.html"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434127,
	"ts_updated_at": 1775791470,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9b52d38d176734933879fc3bf18ea45b8e79c504.pdf",
		"text": "https://archive.orkl.eu/9b52d38d176734933879fc3bf18ea45b8e79c504.txt",
		"img": "https://archive.orkl.eu/9b52d38d176734933879fc3bf18ea45b8e79c504.jpg"
	}
}