{
	"id": "e88c1213-a6f4-4688-9640-71840cb2110b",
	"created_at": "2026-04-06T00:19:17.755788Z",
	"updated_at": "2026-04-10T03:30:46.226691Z",
	"deleted_at": null,
	"sha1_hash": "f485faa5d89d9a7c56e97de4f3a3adf28ec42add",
	"title": "PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2422627,
	"plain_text": "PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks\r\nBy Amitai Ben Shushan Ehrlich\r\nPublished: 2022-09-01 · Archived: 2026-04-05 18:48:54 UTC\r\nExecutive Summary\r\nJuiceLedger is a relatively new threat actor focused on infostealing through a .NET assembly called ‘JuiceStealer’\r\nJuiceLedger has rapidly evolved its attack chain from fraudulent applications to supply chain attacks in little over 6 months\r\nIn August, JuiceLedger conducted a phishing campaign against PyPI contributors and successfully compromised a number of legitimate packages\r\nHundreds of typosquatting packages delivering JuiceStealer malware have been identified\r\nAt least two packages with combined downloads of almost 700,000 were compromised\r\nPyPI says that known malicious packages and typosquats have now been removed or taken down\r\nOverview\r\nSentinelLabs, in collaboration with Checkmarx, has been tracking the activity and evolution of a threat actor dubbed “JuiceLedger”. In early 2022, JuiceLedger began running relatively low-key campaigns, spreading fraudulent Python installer applications with ‘JuiceStealer’, a .NET application designed to steal sensitive data from victims’ browsers. In August 2022, the threat actor engaged in poisoning open-source packages as a way to target a wider audience with the infostealer through a supply chain attack, raising the threat level posed by this group considerably.\r\nJuiceLedger operators have actively targeted PyPI package contributors in a phishing campaign, successfully poisoning at least two legitimate packages with malware. 
Several hundred more malicious packages are known to have been typosquatted.\r\nIn this post, we detail the evolution of JuiceLedger, describe the group’s attack vectors and activity, and provide an analysis of the JuiceStealer payload.\r\nDual Pronged Attack – Fake Apps and Supply Chain Attacks\r\nhttps://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/\r\nPage 1 of 11\r\nThe supply chain attack on PyPI package contributors appears to be an escalation of a campaign begun earlier in the year which initially targeted potential victims through fake cryptocurrency trading applications, among them a bot the threat actors marketed as an “AI Crypto trading bot” named “The Tesla Trading bot”.\r\nThe attack on PyPI in August involves a far more complex attack chain, including phishing emails to PyPI developers, typosquatting, and malicious packages intended to infect downstream users with the JuiceStealer malware. This vector seems to be utilized in parallel to the earlier JuiceLedger infection method, as similar payloads were delivered around the same time through fake cryptocurrency ledger websites.\r\nTargeting PyPI Contributors\r\nOn August 24, 2022, PyPI published details of an ongoing phishing campaign targeting PyPI users. According to their report, this is the first known phishing attack against PyPI. The phishing email states that a mandatory ‘validation’ process requires the contributor to validate their package or risk having it removed from PyPI.\r\nExample of a phishing email sent to PyPI contributors. Source: PyPI via Twitter\r\nThe phishing emails point victims to a Google Sites landing page mimicking the PyPI login page. The credentials provided there were sent to a known JuiceLedger domain: linkedopports[.]com.\r\nPyPI phishing site. Source: PyPI via Twitter\r\nSome of those phishing attacks appear to have been successful, leading to the compromise of legitimate code packages whose contributors’ credentials were compromised.\r\nPyPI also reported that they had found a number of typosquatting packages that conformed to a similar pattern; JuiceLedger has also used typosquatting to deliver its malicious applications.\r\nTyposquatting popular code packages is nothing new. Reports of similar attacks have emerged during the last few years, including the CrateDepression campaign targeting Rust developers and recently reported by SentinelLabs.\r\nCompromised packages uploaded by JuiceLedger in the August campaign contain a short code snippet responsible for downloading and executing a signed variant of JuiceStealer. The malicious code added is depicted below.\r\nMalicious code snippet. Source: Checkmarx\r\nThe code snippet added to those packages is quite similar to the ones added in the typosquatting packages. According to PyPI, the malicious code snippets were found on the following packages:\r\nexotel==0.1.6\r\nspam==2.0.2 and ==4.0.2\r\nA look at the code snippet from compromised packages suggests that the actors added an indication of the compromised package in the registration URL.\r\nA snippet from exotel poisoned code. Source: PyPI via Twitter\r\nJuiceLedger’s August campaign also contained a Ledger-themed fraudulent application. Users of Ledger, a hardware “cold storage” wallet technology for crypto assets, have been targeted with a digitally-signed version of JuiceStealer embedded in fake Ledger installation packs.\r\nCertificate used to sign JuiceStealer malware\r\nThe certificate 13CFDF20DFA846C94358DBAC6A3802DC0671EAB2 was used to sign a total of four samples, one of which appears to be unrelated, although all are malicious.\r\nAnalysis of JuiceStealer Malware\r\nJuiceLedger’s infostealer, dubbed JuiceStealer, is a relatively simple .NET application, internally named “meta”. First indications of the stealer started emerging in February this year. Over several iterations, the infostealer was embedded in a number of fraudulent applications and installers.\r\nPython Installers\r\nThe first version of JuiceStealer ( d249f19db3fe6ea4439f095bfe7aafd5a0a5d4d2 ), uploaded to VirusTotal on February 13, appears to be incomplete and may be a test submitted by the developers. It is the first in a set of variants mimicking Python installers.\r\nThis sample iterates over processes containing the word “chrome”, shuts them down and then searches for Google Chrome Extension log files. The infostealer iterates over logs that contain the word “vault”, possibly searching for cryptocurrency vaults, and reports back to an embedded C2 server over HTTP.\r\nprivate static void Main(string[] args)\r\n{\r\n Console.WriteLine(\"Please wait while Python installs...\");\r\n string[] directories = Directory.GetDirectories(\"C:\\\\Users\\\\\" + Environment.UserName + \"\\\\AppData\\\\\r\n foreach (Process process in Process.GetProcessesByName(\"chrome\"))\r\n process.Kill();\r\n Thread.Sleep(2500);\r\n Console.WriteLine(\"Python is almost ready...\");\r\nA fully fledged version of the fraudulent installer was submitted a few days later as part of a zip file named “python-v23.zip” ( 1a7464489568003173cd048a3bad41ca32dbf94f ), containing a newer version of the infostealer, a legitimate Python installer and an instruction file, “INSTRUCTIONS.exe”.\r\nFake Python installer instructions file\r\nThis version of the infostealer introduces a new class, named ‘Juice’ (hence the name), and also searches for Google Chrome passwords, querying Chrome SQLite files. It also launches a Python installer contained in the zip named “config.exe”. Naming legitimate software “config.exe” appears to be common in various JuiceStealer variants.\r\nLike many of the JuiceStealer samples we analyzed, it was compiled as a self-contained .NET app. This makes the files significantly larger.\r\nA pdb path common to many earlier versions of the JuiceStealer contains the user name “reece” and internal project name “meta”.\r\nC:\\Users\\reece\\source\\repos\\meta\\meta\\obj\\Release\\netcoreapp3.1\\win-x86\\meta.pdb\r\nEvolution of JuiceStealer\r\nPivoting off the pdb paths observed, we were able to link additional activities to JuiceLedger. Those, together with our additional findings of the development phases of JuiceStealer, suggest the group began operating in late 2021.\r\nPre-JuiceStealer Fake Installers\r\nOn January 30, a set of three fake installers compiled as self-contained applications were uploaded to VirusTotal from the submitter f40316fe, located in GB. The same submitter also uploaded the first variant of JuiceStealer, which also appears to be a test. All the fake installers had a similar pdb path, containing the username “reece”, and appear to be the threat actor’s first iterations of the JuiceStealer.\r\nC:\\Users\\reece\\source\\repos\\install-python\\install-python\\obj\\Release\\netcoreapp3.1\\win-x86\\install-p\r\nNowblox Scam Website\r\nThroughout the research, we came across a possible connection to Nowblox, a scam website that operated in 2021, offering free Robux. Several applications named “Nowblox.exe” were systematically uploaded to VirusTotal from submitters in GB, all with the following pdb path:\r\nC:\\\\Users\\\\reece\\\\source\\\\repos\\\\Nowblox\\\\Nowblox\\\\obj\\\\Debug\\\\Nowblox.pdb\r\nWhile the path on its own is not a very strong indication, we came across another link to Nowblox in our research, in the form of a file named “NowbloxCodes.iso” ( 5eb92c45e0700d80dc24d3ad07a7e2d5b030c933 ). The use of an ISO file might suggest it was sent out in a phishing email, as ISO files have become a popular attack vector for bypassing email security products. However, we have no data to validate this.\r\nThe file contains an LNK file ( e5286353dec9a7fc0c6db378b407e0293b711e9b ), triggering the execution of an obfuscated PowerShell command, which in turn runs mshta to load an .HTA file from hxxps://rblxdem[.]com/brace.hta, which is currently offline.\r\nThe domain rblxdem[.]com is hosted on 45.153.35[.]53, which was used to host several Ledger phishing domains as well as a JuiceStealer C2 domain thefutzibag[.]com, providing another possible link to JuiceLedger.\r\nFraudulent Apps – The Tesla Trading Bot\r\nOver time, JuiceLedger operators started using direct crypto-themed fraudulent applications, among them an application they named “Tesla Trading bot”. Delivered in a similar scheme to the Python installer, it was embedded within a zip file with additional legitimate software. The JuiceStealer has evolved significantly during this period, adding support both for additional browsers as well as Discord.\r\nThe embedded instructions message is very similar to the one found in the fake Python installer, prompting users to disable their security solutions.\r\nJuiceLedger installer urges users to bypass their own security\r\nWhile the delivery mechanism remains unclear, it seems JuiceLedger operators maintained a website for the fake trading bot, prompting users to download the fraudulent application.\r\nDownload site for malicious Tesla Trading bot\r\nPyPI Response\r\nPyPI have stated that they are actively reviewing reports of malicious packages and have taken down several hundred typosquats. Package maintainers are urged to use 2FA authorization on their accounts where available and to confirm that the URL in the address bar is https://pypi.org when entering credentials. Users can also check that the site’s TLS certificate is issued to pypi.org.\r\nMaintainers who believe they may have been victim of a JuiceLedger attack are advised to reset passwords immediately and to report any suspicious activity to security@pypi.org.\r\nConclusion\r\nJuiceLedger appears to have evolved very quickly from opportunistic, small-scale infections only a few months ago to conducting a supply chain attack on a major software distributor. The escalation in complexity in the attack on PyPI contributors, involving a targeted phishing campaign, hundreds of typosquatted packages and account takeovers of trusted developers, indicates that the threat actor has time and resources at their disposal.\r\nGiven the widespread use of PyPI and other open source packages in enterprise environments, attacks such as these are a cause of concern and security teams are urged to review the provided indicators and take appropriate mitigation measures.\r\nIndicators of Compromise\r\nFake Python installers\r\nNowblox ISO file\r\nCryptoJuice Samples\r\nSource: https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.sentinelone.com/labs/pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks/"
	],
	"report_names": [
		"pypi-phishing-campaign-juiceledger-threat-actor-pivots-from-fake-apps-to-supply-chain-attacks"
	],
	"threat_actors": [
		{
			"id": "4cef49db-dec5-45ae-adcd-b0c0b5da5556",
			"created_at": "2024-06-25T02:00:05.040596Z",
			"updated_at": "2026-04-10T02:00:03.659539Z",
			"deleted_at": null,
			"main_name": "JuiceLedger",
			"aliases": [],
			"source_name": "MISPGALAXY:JuiceLedger",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434757,
	"ts_updated_at": 1775791846,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f485faa5d89d9a7c56e97de4f3a3adf28ec42add.pdf",
		"text": "https://archive.orkl.eu/f485faa5d89d9a7c56e97de4f3a3adf28ec42add.txt",
		"img": "https://archive.orkl.eu/f485faa5d89d9a7c56e97de4f3a3adf28ec42add.jpg"
	}
}