
Python Developers Targeted Via Fake Crytic-Compilers Package

Wajahat Raja

June 21, 2024 - TuxCare expert team

As per recent reports, cybersecurity experts uncovered a troubling development on the Python Package Index (PyPI), a platform used widely by developers to find and distribute Python packages. A malicious package named ‘crytic-compilers’ was discovered, mimicking the legitimate ‘crytic-compile’ library developed by Trail of Bits. This fraudulent package was designed with sinister intent: to deploy an information-stealing malware known as Lumma.


The Deceptive Tactics – Crytic-Compilers


Ax Sharma, a researcher at Sonatype, identified ‘crytic-compilers’ as a typosquatting version of ‘crytic-compile’. Typosquatting involves creating malicious packages with names similar to legitimate ones, relying on users mistyping the intended package names during installation.

In this case, the fake Python package not only imitated the name but also aligned its version numbers with the legitimate library’s latest release, creating the illusion of an updated version.


Malicious Crytic-Compilers package


The malicious actors behind ‘crytic-compilers’ went beyond mere imitation. Initially, they took advantage of versioning tricks, misleadingly suggesting updates beyond the legitimate library’s latest version. Some versions even managed to install the real package alongside malicious components, camouflaging their true intent.

However, the latest iteration of ‘crytic-compilers’ no longer hides its malicious nature. It includes a Windows-specific executable (‘s.exe’) designed to initiate downloads of additional harmful payloads, notably the Lumma information stealer.

Lumma, also known as LummaC2, operates under a malware-as-a-service model, enabling other criminals to deploy it for various illicit purposes, including data theft from browsers, cookies, and even cryptocurrency wallets. Software supply chain attacks highlight vulnerabilities in dependency management and underscore the importance of secure development practices.


Implications for Python Developers – Python package security


This discovery underscores a growing trend where cybercriminals target developers through trusted repositories like PyPI. Such repositories are pivotal in the software development lifecycle, making them attractive distribution channels for malware such as the ‘crytic-compilers’ package.

Media reports claim that the developers relying on these platforms must remain vigilant, verifying package authenticity and avoiding unofficial or suspiciously named packages. Cybersecurity threats in Python require constant vigilance and proactive measures to safeguard sensitive data and code integrity.


The Lumma Information Stealer


Lumma is a particularly concerning threat due to its capabilities in stealing sensitive information. It can extract passwords stored in web browsers, credit card details, and cryptocurrency-related data. The availability of Lumma as a service further amplifies its threat, as it allows non-technical criminals to leverage advanced malware capabilities for financial gain.


Security Measures and Recommendations


Protecting Python projects involves implementing robust security practices and staying updated with the latest threat intelligence. To mitigate the risks associated with malicious packages:


  • Verify Package Authenticity: Always check the package name, author, and version against official sources before installation.
  • Use Trusted Sources: Stick to well-known repositories and official developer channels for downloading packages.
  • Monitor for Suspicious Activity: Regularly monitor system logs and network traffic for any signs of unauthorized access or data exfiltration.
  • Update Security Practices: Stay informed about emerging threats and adjust security protocols accordingly.
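The first recommendation above (verify the package name and version against a source you trust) and the typosquatting tactic described earlier can both be turned into a pre-install check. The script below is an added example written for this article, not code from TuxCare, Sonatype or Trail of Bits. It normalizes requirement names the way PyPI does (PEP 503), compares each name against a team-maintained allow-list of reviewed dependencies, flags names that are a near-match of an allowed package (the ‘crytic-compilers’ versus ‘crytic-compile’ pattern), and reports pins that do not match the reviewed version. The allow-list, its version numbers, the sample requirements file and the similarity threshold are all constructed for the example; they are not data from the article.

```python
"""Offline typosquat and version check for a requirements.txt (added example)."""
import re
from difflib import SequenceMatcher

# Constructed allow-list: the project's reviewed dependencies and the versions
# the team approved. These version strings are placeholders for this example.
KNOWN_GOOD = {
    "crytic-compile": "0.3.7",
    "requests": "2.32.3",
    "numpy": "1.26.4",
}

# Constructed sample input; the near-name entry mirrors the article's case.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
crytic-compilers==0.3.9
numpy==1.26.4
# comment lines are ignored
rich
"""

# name, optional comparison operator, optional version (extras/markers are ignored)
REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:(==|>=|<=|~=|!=|>|<)\s*([^\s;#]+))?"
)


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirement(line: str):
    """Return (normalized_name, operator, version) or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    match = REQ_RE.match(stripped)
    if not match:
        return None
    return normalize(match.group(1)), match.group(2), match.group(3)


def closest_known(name: str, known) -> tuple:
    """Return the allow-listed name most similar to `name` and its ratio in [0, 1]."""
    best, best_score = None, 0.0
    for candidate in known:
        score = SequenceMatcher(None, name, candidate).ratio()
        if score > best_score:
            best, best_score = candidate, score
    return best, best_score


def check_requirements(text: str, known_good=KNOWN_GOOD, threshold: float = 0.8):
    """Classify each requirement as ok, unpinned, version-mismatch, suspicious or unknown."""
    findings = []
    for line in text.splitlines():
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, op, version = parsed
        if name in known_good:
            if op != "==":
                findings.append((name, "unpinned", "pin to the reviewed version"))
            elif version == known_good[name]:
                findings.append((name, "ok", f"matches reviewed {version}"))
            else:
                findings.append((name, "version-mismatch",
                                 f"pinned {version}, reviewed {known_good[name]}"))
            continue
        near, score = closest_known(name, known_good)
        if score >= threshold:
            # Not on the allow-list but almost identical to an allowed name:
            # the typosquatting shape; do not install until a human has checked it.
            findings.append((name, "suspicious", f"near-match of {near} ({score:.2f})"))
        else:
            findings.append((name, "unknown", "not on the allow-list; review before install"))
    return findings


if __name__ == "__main__":
    for name, status, detail in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"{status:17} {name:20} {detail}")
```

Run it before `pip install -r requirements.txt` in CI and fail the job on any `suspicious` or `version-mismatch` finding; an `unknown` finding is a prompt to review the package and add it to the allow-list rather than a verdict. The similarity ratio is deliberately simple (difflib’s SequenceMatcher) so the check stays dependency-free; it catches appended or dropped characters like the ‘compilers’/‘compile’ pair but is not a substitute for pinning hashes with `pip install --require-hashes`.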


Conclusion


The infiltration of ‘crytic-compilers’ into PyPI highlights the evolving sophistication of threats targeting Python developers. By understanding these tactics and adopting proactive security measures, developers can safeguard their systems and data against such malicious attacks. As the digital landscape continues to evolve, vigilance and education remain crucial in defending against cyber threats.

The sources for this piece include articles in The Hacker News and Tech Radar.
