How Socket Protects Against Revival Hijacking Attacks on PyPI

A recent blog post from JFrog highlights a "revival hijack" technique that targets Python packages that have been removed from PyPI’s index by their original owner. Attackers take advantage of the fact that once a package is removed, it can be registered again with the same name, allowing them to introduce malicious versions of previously trusted packages.

It’s surprising that this hasn’t led the Python ecosystem to suffer a left-pad style incident. For motivated threat actors, the ability to re-register deleted package names opens up a new supply chain attack technique. JFrog estimates over 22,000 packages are at risk.

PyPI Lacks a Mechanism for Deprecating Published Projects#

One of the reasons Python package authors delete their packages is because PyPI doesn’t have an official way of deprecating a package. Package authors can delete individual releases or an entire project, but this makes the name available and doesn’t leave a trail of information on what happened. Alternatively, package authors can create a redirect package if there’s an alternative, or intentionally fail the package during install with a message for what users should use instead.

The Python ecosystem could benefit from an official way to move people off of unsupported projects. A 2022 discussion on Python.org proposed a mechanism for deprecating published projects similar to what npm uses, but after two years the discussion appears to have fizzled out.

Socket's Defense Against Revival Hijacking Attacks#

Unlike typosquatting, which relies on human error and confusion, the Revival Hijacking method JFrog outlined relies on developers updating to newer versions of their dependencies without analyzing the code.

This is where Socket can provide protection by continuously monitoring package behavior, scanning for unusual patterns or malicious intent. Socket's AI-driven approach ensures that any suspicious changes in re-registered packages are flagged and blocked before they can infiltrate a project’s supply chain.

Note: Python package names are reusable but not the version numbers, so the attacker must release a new version in order to introduce malicious code.

Unlike traditional security scanning tools, Socket analyzes the actual code of new or updated dependencies in order to detect supply chain risks. If a previously inactive or abandoned package suddenly releases a new update, Socket scans it and will alert on anything that appears to be malicious.

Our AI-powered threat analysis analyzes code behavior to detect any unexpected changes, such as network requests, file writes, hidden telemetry, or other suspicious activities often associated with hijacked packages. This approach goes beyond static code analysis to catch signs of hidden malware or unwanted behavior before they affect production environments.

JFrog counted approximately 120K packages that can be hijacked, but applied additional filters (more than 100K downloads OR active for 6+ months) to get the estimate of 22K packages susceptible to revival hijacking. Hundreds of PyPI packages are removed every month, which means this threat continues to grow as more packages become vulnerable to re-registration by malicious actors.

As a proactive measure, JFrog created an account called security_holding, which mimics npm’s method of replacing malicious packages with empty benign ones. They “safely hijacked” the most downloaded deleted package names and replaced them with empty packages. In just a few days, these hijacked packages received more than 200K downloads.

This was a gesture of goodwill but PyPI users cannot rely on a security holding account to safely hijack susceptible package as their only mechanism of protection. Susceptible packages can be quickly compromised after deletion, the moment before a PyPI user is looking to download an update. In this case, Socket will prevent installation of compromised packages.

Revival hijack attacks are a serious threat in the Python open-source ecosystem, but Socket’s advanced monitoring, scanning, and blocking mechanisms can effectively protect developers from these risks. If you’re not yet using our free GitHub app, you can install it with just 2-clicks and start protecting your dependencies from hijacking and other forms of supply chain attacks.