
Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!

Python has become one of the most in-demand programming languages of the era, and with it has grown the need for Python developers in a variety of domains and companies. Generally, a Python developer is responsible for coding, designing, deploying, and debugging development projects, typically on the back end or the server side. They may, however, also help organizations with their technological framework.


On a given day, a Python developer might be asked to create an application for an employer, design the framework for the code, build tools as necessary to get the job done, create websites and integrable systems, or publish new services. Some Python developers work as independent contractors, while others are exclusive to one company. Like most positions revolving around programming languages, the specifics of the job vary based on the needs of the employer.

Recently, news has been making the rounds that clipper malware has been found in 450+ packages on the Python Package Index (PyPI). This is bound to take the IT industry by storm. Wondering why? Cybertech is here to tell you everything about it. So, get set and read!


What is Clipper malware?


First things first: before deciphering how this news impacts Python developers all around the globe, it is imperative to know what clipper malware is.

Clipper malware is a Trojan horse known for its ability to steal currencies from the affected system by stealing or manipulating the data on the Windows clipboard. Usually, a system affected by clipper malware sees additions and frequent modifications to the information on the clipboard. This happens because the information is being sent to the attacker’s server.

Clipper malware can arrive on a system via different methods. Posing as an application that enables the use of cryptocurrencies and being installed by a Trojan dropper are the most common ones.


The Malicious Clipper makes News!


Recently, Phylum, a software supply chain security company, spotted clipper malware in 451 unique Python packages on the official Python Package Index (PyPI) repository. Malicious actors published them in an attempt to infect developer systems with clipper malware. Notably, this is part of ongoing activity that follows up on a campaign initially disclosed in November 2022. The initial vector entails using typosquatting to mimic popular packages such as Beautiful Soup, bitcoinlib, cryptofeed, Matplotlib, pandas, PyTorch, scikit-learn, Scrapy, Selenium, Solana, and TensorFlow, among others.
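One way a developer can screen a requirements file for look-alike names before installing anything, shown as an added example that is not Phylum's or PyPI's code. The list uses the PyPI project names of the libraries named above (beautifulsoup4 and torch are assumed mappings), and the sample requirements are constructed.

```python
import re

# PyPI project names for the imitated libraries (beautifulsoup4, torch: assumed mappings).
POPULAR = ["beautifulsoup4", "bitcoinlib", "cryptofeed", "matplotlib", "pandas",
           "torch", "scikit-learn", "scrapy", "selenium", "solana", "tensorflow"]

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

KNOWN = [normalize(p) for p in POPULAR]

def edit_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transposition."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def suspicious_requirements(lines, max_distance=2):
    """Return (name, lookalike_of) for names close to, but not equal to, a popular one."""
    hits = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue  # blanks, comments, and pip options such as -r or --index-url
        name = normalize(re.split(r"[\s=<>!~\[;@]", line, maxsplit=1)[0])
        if name in KNOWN:
            continue  # exact match after normalization is the real project
        for known in KNOWN:
            if edit_distance(name, known) <= max_distance:
                hits.append((name, known))
                break
    return hits

# Constructed sample requirements: two look-alike names among legitimate ones.
SAMPLE = ["pandas==1.5.3", "selenuim>=4.0  # swapped letters", "requests",
          "tensorfolw", "scikit_learn"]
```

A distance threshold catches swapped, dropped, or doubled letters; names built by adding a prefix or suffix to a popular name need a separate check.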




"After installation, a malicious JavaScript file is dropped to the system and executed in the background of any web browsing session," Phylum said in a report published last year. "When a developer copies a cryptocurrency address, the address is replaced in the clipboard with the attacker's address."

This is achieved by creating a Chromium web browser extension in the Windows AppData folder and writing to it the rogue JavaScript and a manifest.json file that requests users' permissions to access and modify the clipboard. Targeted web browsers include Google Chrome, Microsoft Edge, Brave, and Opera, with the malware modifying browser shortcuts to load the add-on automatically upon launch using the "--load-extension" command line switch.
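Both artifacts described above can be hunted for on a developer machine. This added example (not taken from Phylum's report) walks a folder such as AppData for unpacked extensions whose manifest.json requests the Chromium clipboardRead or clipboardWrite permissions, and checks raw shortcut bytes for the --load-extension switch; the folder names and shortcut bytes in demo() are constructed.

```python
import json
import os
import tempfile

CLIPBOARD_PERMS = {"clipboardRead", "clipboardWrite"}  # Chromium permission names
SWITCH = "--load-extension"

def clipboard_extensions(root):
    """Return (directory, permissions) for unpacked extensions asking for clipboard access."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "manifest.json"), encoding="utf-8-sig") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON
        perms = manifest.get("permissions", []) if isinstance(manifest, dict) else []
        wanted = sorted(CLIPBOARD_PERMS.intersection(p for p in perms if isinstance(p, str)))
        if wanted:
            found.append((dirpath, wanted))
    return found

def shortcut_loads_extension(lnk_bytes):
    """True if raw .lnk bytes contain the switch, stored either as ANSI or as UTF-16LE."""
    return SWITCH.encode("ascii") in lnk_bytes or SWITCH.encode("utf-16-le") in lnk_bytes

def demo():
    """Run both checks on a constructed folder tree and constructed shortcut bytes."""
    with tempfile.TemporaryDirectory() as root:
        samples = (("Extension", ["clipboardWrite", "clipboardRead"]), ("Other", ["storage"]))
        for name, perms in samples:  # hypothetical folder names
            os.makedirs(os.path.join(root, name))
            with open(os.path.join(root, name, "manifest.json"), "w") as fh:
                json.dump({"manifest_version": 3, "name": name, "permissions": perms}, fh)
        hits = [(os.path.basename(d), p) for d, p in clipboard_extensions(root)]
    # Not complete .lnk files: a header size field followed by an argument string.
    tampered = b"\x4c\x00\x00\x00" + '--load-extension="C:\\placeholder"'.encode("utf-16-le")
    clean = b"\x4c\x00\x00\x00" + "--profile-directory=Default".encode("utf-16-le")
    return hits, shortcut_loads_extension(tampered), shortcut_loads_extension(clean)
```

Developers who load unpacked extensions on purpose will also match, so treat a hit as a lead to review rather than a verdict.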


The latest set of Python packages exhibits a similar, if not the same, modus operandi, and is designed to function as a clipboard-based crypto wallet replacing malware. What's changed is the obfuscation technique used to conceal the JavaScript code.


The ultimate goal of the attacks is to hijack cryptocurrency transactions initiated by the compromised developer and reroute them to attacker-controlled wallets instead of the intended recipient. "This attacker significantly increased their footprint in PyPI through automation," Phylum noted. "Flooding the ecosystem with packages like this will continue." 


The findings coincide with a report from Sonatype, which found 691 malicious packages in the npm registry and 49 malicious packages in PyPI during the month of January 2023 alone.


How will it be impacting the community of Python developers?


Though many jobs in tech use Python as one of their major programming languages, including software engineer, web developer, data scientist, and business analyst, a dedicated Python developer will be expected to understand the language at a higher level and be capable of using Python to accomplish any number of tasks, including but not limited to data collection and analytics, database creation, web development and design, scripting, and automation. A Python developer often works in close collaboration with data collection and analytics to create useful answers to questions and provide valuable insight. Now, since Python is being used in web development, machine learning, AI, scientific computing, and academic research, the involvement of sensitive information has risen manifold. Its popularity can be credited to the growing data science community embracing artificial intelligence and machine learning. Industries like education, healthcare, and finance are using machine-learning applications to innovate their organizations.


This brings us to the indelible impact that clipper malware present in PyPI packages can leave on a system.


It is to be noted that Python is one of those programming languages that is widely used by Big Tech: FAANG (Facebook, Amazon, Apple, Netflix, and Google), Reddit, YouTube, Instagram, and more. Specifically, Spotify uses Python within its back-end services, capturing user data to provide accurate recommendations and playlists. Dropbox, meanwhile, uses Python scripts to create its native applications on each platform (Windows, macOS, Linux, iOS, Android, etc.).




The Key Victims of Clipper


While all users of the language will be affected by the Trojan, some are likely to be hit drastically. Here’s the list of the key victims:


  • Data Analyst


Data analysts collect, organize, and interpret data to create actionable insights. To accomplish this, data analysts must collect large amounts of data, sift through it, and assemble key sets of data based on the organization’s desired metrics or goals. A data analyst uses Python libraries to carry out data analysis, parse data, analyze datasets, and create visualizations to communicate findings in a way that’s helpful to the organization. This very process can be affected by the clipper malware.


  • Data Scientist


Data scientists have a more complex skill set than data analysts, combining computer science, mathematics, statistics, and modeling with a strong understanding of their business and industry to unlock new opportunities and strategies. Data scientists are responsible not only for analyzing data but often also for using machine learning, developing statistical models, and designing data structures for an organization. Hence, they can be the top prey of Clipper.


  • Machine Learning Engineer


Beyond data analysis lies the art of machine learning, which is a subset of data science and artificial intelligence. Machine learning engineers perform statistical analysis and implement machine learning algorithms that can be used in AI. Machine learning engineers are also responsible for taking theoretical data science models and helping scale them to production-level models capable of handling terabytes of real-time data. This data can be extracted maliciously by Clipper.


Clipper’s impact on a variety of Python tools


Clipper’s interference with the usual functioning of the Python Package Index (PyPI) can be termed a disaster, since it can impact some of the major tools of one of the most lucrative programming languages in the world:


  • Data Science Python tools


Scikit-learn is an open-source tool that Python developers, machine learning engineers, and data scientists all swear by for data mining and data analysis. Written in Python, Keras is a high-level neural network library that is easy to use and well-suited to machine learning and deep learning. Theano is a Python library useful for evaluating math computations that integrates tightly with NumPy. And SciPy is used for technical and scientific computing. Clippers can steal columns of sensitive data from these.


  • Automation testing Python tools


Selenium is beloved for good reason, as it allows a Python developer to write scripts in many other languages, including C#, PHP, Perl, Ruby, and Java. Selenium also allows you to perform tests from any browser in all three major operating systems. Robot Framework is also open-source, a generic test automation framework designed for acceptance testing that works not just for web apps, but also iOS and Android test automation. Like Robot Framework, TestComplete is an automation testing software, but it requires a commercial license. Tech experts fear the intrusion of Clipper in scripts that can be seamlessly obtained with the help of Selenium.


  • Web scraping Python tools


LXML is a feature-rich, Python-based tool for C libraries. Beautiful Soup is a time-saving Python library that is used for projects like screen-scraping. And Scrapy is an open-source framework written in Python that crawls web pages and extracts data from them. Now, data extraction is exactly what Clipper is after.


The development once again illustrates the growing threat developers face from supply chain attacks that rely on methods like typosquatting to trick users into downloading fraudulent packages, with catastrophic consequences.

