Phylum Discovers Malicious Package Lurking in Popular “requests” Library

Security researchers from Phylum have discovered a malicious package in the popular PyPI repository, masquerading as the well-known library “requests,” but posing a significant threat to the entire developer community.

The package, named “requests-darwin-lite,” utilized steganography and was downloaded 417 times before it was removed from the platform. It was a fork of the popular “requests” library, embedded with a malicious Go-based binary. The attackers concealed it within a PNG logo used in the tool’s interface.

ShadowHammer supply-chain attack

Modifications were made to the package’s “” file, which was configured to decode and execute a Base64-encoded command to collect the UUID (unique device identifier). The infection activates only if the UUID matches a specific value, indicating an attempt to infiltrate a particular device. This suggests either a targeted attack or narrow testing before a larger campaign.

If the UUID matches the required value, “requests-darwin-lite” begins extracting data from a PNG file named “requests-sidebar-large.png,” which is significantly larger than the corresponding file in the legitimate package—approximately 17 MB compared to 300 KB.

The data hidden in the image contains the Golang-based Sliver framework, typically used by cybersecurity professionals for red team operations. The ultimate objectives of this package remain unclear; however, this incident underscores the ongoing attraction of open-source ecosystems for malicious actors to disseminate malware.

Steganography is not a novel attack method. It is frequently used by various malicious entities. For instance, last week, we reported on how a simple image posted in the comments section of an international site posed a threat to users for over three years, as it contained malicious code leading to an external website.

Additionally, the persistent influx of malware into registries such as npm and PyPI, alongside the recent incident with XZ Utils, highlights the urgent need to address the systemic issue of repository compromises. This vulnerability can be exploited by malicious actors in large-scale, multi-layered supply chain attacks.