Developers are being hacked by the malicious ‘SentinelOne” PyPI package

PyPI has been compromised by malicious Python packages. One of them, titled ‘SentinelOne’, is a fake SDK client to the American cybersecurity firm. However, it steals developers’ data.

This package provides the desired functionality. It allows you to access the SentinelOne API within another project. This package was trojanized in order to steal sensitive information from compromised development systems.

ReversingLabs discovered the attack and reported it to SentinelOne, PyPi and SentinelOne. This led to the package being removed.

Trojanized SDK client

On December 11, 2022 the malicious SentinelOne package appeared for the first-time on PyPI. It has since been updated twenty times.

SentinelOne package on PyPI


Researchers believe that the package was a duplicate of SentinelOne SDK Python client. The threat actor then performed updates to fix and improve the malignant functionality.

ReversingLabs further examined the package and discovered that it contained “”, malicious code which steals and uploads data at the IP address ( This is not SentinelOne infrastructure.

The two malicious files in the trojanized package


The malicious code is information-stealing malware and exports developer-related data to all home directories. These data include Bash and Zsh history, SSH keys and.gitconfig files.

These folders often contain secrets and auth tokens and API keys. It is possible that the threat actor targets developers environments to gain further access their cloud services.

We see malicious code to collect information about the execution of shell commands as well as contents of the folder.ssh containing configuration information and ssh keys, as well as access credentials, secrets and secret information related to Git and Kubernetes.” – ReversingLabs.

The data exfiltration code


An additional issue discovered by the analysts was that the early versions of the fake package were not able to run the data collection module on Linux systems. This problem was resolved in the later versions.

ReversingLabs reported that five more packages with similar names were uploaded by the exact same authors in December 8, 11 and 2022. These packages did not contain the files so it is likely that they were used as testing.

PyPI has received over 1000 downloads of all the malware packages that are maliciously information-stealing.

ReversingLabs’ researchers could not determine from the evidence if this package was used in attacks.