Malicious PyPI package disguised as SentinelOne SDK to deliver info-stealing malware

An unknown threat actor created a malicious Python package on PyPI that appears to be a software development kit (SDK) for a well-known SentinelOne security client but steals data from developers in the latest supply chain attack.

The Python package was initially uploaded on December 11 and received approximately 20 updates over the next two days. The module has nothing to do with the legitimate threat detection firm, but it takes advantage of its brand reputation to attract unsuspecting victims.

The package contains backdoor code meant for data theft from development systems, including credentials, configuration data, and SSH keys. It appears to be a fully-functional SentinelOne client – the malicious SDK appears to be built on top of legitimate SentinelOne code. The package is part of a malicious campaign dubbed “SentinelSneak” by ReversingLabs.

The phoney ‘SentinelOne’ package includes “” files containing malicious code that steals and uploads data to an IP address ( that does not belong to SentinelOne’s infrastructure.

Five additional malicious packages with similar names were published by threat actors; these modules did not contain files with malicious functionality, implying they were used for testing purposes. The malicious versions of the package had been downloaded over 1,000 times on PyPI, according to the experts.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web