
Malicious 'botaa3' Package Discovered on PyPI, Targeting 'boto3' Users

A typosquatted 'botaa3' package impersonating the AWS SDK 'boto3' shipped an obfuscated remote-access payload that phoned home to an attacker-controlled server. Automated scanning caught it, and PyPI removed it within hours, but not before an estimated 130 downloads.


A malicious package named 'botaa3' was discovered on the Python Package Index (PyPI) on November 18, 2021. Sonatype's automated systems spotted the threat, and PyPI's security team removed it the same day. The package, published the previous day under the author name 'Shh Not Cool Bro', was a typosquatting attempt on 'boto3', the widely used AWS SDK for Python: a single mistyped or misremembered character in a `pip install` command or a requirements file was enough to pull the malicious package instead of the real one.

Sonatype's automated malware detection flagged the 'botaa3' package because of its suspicious contents. On investigation it was found to carry a base64-encoded payload that had additionally been scrambled with a bitwise XOR key, a cheap layering that defeats simple string matching but not an analyst with a decoder. Unwrapping the payload revealed around 1060 lines of code that established a secure connection to an attacker-controlled command-and-control (C2) server at 'install.pypi-installer[.]com', a domain chosen to look like legitimate PyPI infrastructure.
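The following is an added example, not code from the original article or from the botaa3 package itself. It mimics the two obfuscation layers described above (XOR, then base64) on a constructed, harmless stand-in payload, and then recovers the plaintext the way an analyst would when the key is unknown: brute-force every single-byte XOR key and score each candidate for Python-like content. The key, the sample payload and the keyword list are assumptions for illustration; the real botaa3 key is not given on the page and may not have been a single byte.

```python
import base64
import string

# Constructed stand-in for the obfuscated payload. This is NOT the botaa3
# malware; it is a harmless snippet used only to demonstrate the technique.
SAMPLE_KEY = 0x5A  # hypothetical single-byte XOR key
SAMPLE_PAYLOAD = (
    b"import socket\n"
    b"s = socket.socket()\n"
    b"s.connect(('c2.example', 443))\n"
)

# Keywords whose presence suggests a candidate decoding is real Python source.
PYTHON_HINTS = (b"import", b"socket", b"def ", b"exec", b"os.")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the single-byte `key`."""
    return bytes(b ^ key for b in data)


def obfuscate(plain: bytes, key: int) -> str:
    """Apply the layering the article describes: XOR first, then base64."""
    return base64.b64encode(xor_bytes(plain, key)).decode("ascii")


def score_python_like(data: bytes) -> float:
    """Heuristic score: fraction of printable ASCII plus a bonus per keyword hit.

    XOR with many keys still yields printable bytes, so the keyword bonus is
    what separates the true plaintext from look-alike junk.
    """
    if not data:
        return 0.0
    printable = set(string.printable.encode("ascii"))
    frac = sum(1 for b in data if b in printable) / len(data)
    hits = sum(data.count(k) for k in PYTHON_HINTS)
    return frac + 0.1 * hits


def recover(blob: str) -> tuple:
    """Undo base64, then brute-force the single-byte XOR key.

    Returns (key, plaintext) for the best-scoring candidate.
    """
    raw = base64.b64decode(blob)
    best_key, best_score, best_plain = -1, -1.0, b""
    for key in range(256):
        candidate = xor_bytes(raw, key)
        score = score_python_like(candidate)
        if score > best_score:
            best_key, best_score, best_plain = key, score, candidate
    return best_key, best_plain


if __name__ == "__main__":
    blob = obfuscate(SAMPLE_PAYLOAD, SAMPLE_KEY)
    key, plain = recover(blob)
    print(f"recovered key 0x{key:02X}")
    print(plain.decode("ascii"))
```

The scoring function is deliberately crude; in practice an analyst would also try multi-byte keys, look for the decoded blob being handed to `exec` or `compile`, and pivot on any hostnames that fall out, such as the C2 domain named above.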

The payload was a general-purpose remote-access tool. On an infected machine it could walk and list directories, upload and download files, read environment variables (a common way to harvest AWS and other cloud credentials from build and developer hosts), and spawn reverse shells. It also exfiltrated system details to the C2 server and executed arbitrary commands received from the attacker. Sonatype cataloged the package as sonatype-2021-3445 and reported it to PyPI. Despite being available for only a few hours, it was estimated to have been downloaded around 130 times.

The PyPI security team took 'botaa3' down within hours of Sonatype's report, and Sonatype Repository Firewall blocked it for builds fed through that proxy. The attacker's motive is unknown. Users are advised to double-check package names before installing, to pin exact package names and versions in requirements files rather than typing them ad hoc, and to treat a brand-new package with a name one or two characters away from a popular one as suspect until verified against the project's own documentation.
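One way to turn that advice into a pre-install check, as an added example that is not part of the original article or of any PyPI or Sonatype tooling: normalize each requested name the way PyPI does (PEP 503), then compare it against an allowlist of popular packages using edit distance, and flag anything that is not itself on the list but sits within a couple of edits of an entry. The allowlist here is a small constructed set; a real deployment would use an organization's approved-package list or a top-downloads snapshot.

```python
import re

# Constructed allowlist of popular names. In practice, load this from an
# internal approved-package list or a snapshot of top PyPI downloads.
POPULAR = {"boto3", "botocore", "requests", "urllib3", "numpy", "pandas", "setuptools"}


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of -, _, . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,         # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(requested: str, popular=POPULAR, max_distance: int = 2):
    """Return [(popular_name, distance)] for names the request may be squatting.

    An exact (normalized) match against the allowlist is not a finding.
    """
    req = normalize(requested)
    norm_popular = {normalize(p): p for p in popular}
    if req in norm_popular:
        return []
    hits = []
    for norm, original in norm_popular.items():
        d = levenshtein(req, norm)
        if 0 < d <= max_distance:
            hits.append((original, d))
    return sorted(hits, key=lambda t: (t[1], t[0]))


def check_requirements(lines, popular=POPULAR):
    """Scan requirements.txt-style lines; return [(requested, suspected_target, distance)]."""
    findings = []
    for line in lines:
        spec = line.split("#", 1)[0].strip()   # drop comments
        if not spec:
            continue
        # Project name ends at the first version/extra/marker character.
        name = re.split(r"[=<>!~\[; ]", spec, maxsplit=1)[0]
        for target, d in typosquat_candidates(name, popular):
            findings.append((name, target, d))
    return findings


if __name__ == "__main__":
    # Constructed sample requirements file, including the botaa3 typo.
    sample = ["boto3==1.20.0", "botaa3", "requsts>=2.0  # typo", "numpy"]
    for requested, target, dist in check_requirements(sample):
        print(f"WARNING: '{requested}' is {dist} edit(s) from popular package '{target}'")
```

Run it as a pre-commit hook or a CI step over every requirements file; a hit is not proof of malice, but it is exactly the case ('botaa3' is two edits from 'boto3') that a human should look at before `pip install` ever runs.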
