Malicious packages found to be typo-squatting in Python Package Index

Two malicious packages were removed from the Python Package Index (PyPI) this week. These packages, jeIlyfish (a misspelling of the package jellyfish only noticeable when using certain fonts) and python3-dateutil (impersonating the popular dateutil package), were taking advantage of something called “typo-squatting”. Typo-squatting occurs when a malicious package is uploaded with a name similar to a common package in an attempt to get users to download the malicious version.

This post will summarize what is known about the packages, detail what is good and bad about the situation, and share relevant lessons associated with this incident. You can also find more information in our vulnerability database here and here.

What is known

The exploit is part of the jeilyfish package. The python3-dateutil package has the jeilyfish library as a sub dependency. The exploit is not currently fully understood, but it appears to steals SSH and GPG keys from infected machines and sends them to a remote server. Both packages have been removed from PyPI.


Bad news

  • The jeilyfish library has been on PyPI for nearly a year
  • Because the nature of the exploit is not fully understood, its impact on those who have downloaded it is difficult to estimate
  • Both malicious packages included all the functionality of the packages they were impersonating, meaning it would be easy to accept the malicious packages as correct
  • Typo-squatting has been a problem for many package managers, not just PyPI, and is likely to remain a problem

Good news

  • The number of downloads for the libraries is relatively low, maybe a few hundred people have been compromised
  • The python3-dateutil package has only been on PyPI for a couple of days
  • Both malicious libraries have been removed
  • It is easy to check your project for either vulnerability, Snyk is free to use and can tell you if your project is compromised

Lessons going forward

  • Always be careful when downloading packages, be precise about spelling, and never guess a package name
  • Typo-squatting can inject malicious packages through indirect dependencies, which can be hard to spot
  • Keep an eye on your dependency tree, it is important to know what you are using so you can spot problems when they occur


Malicious packages within popular open source repositories have become increasingly common. If you believe you found a potential malicious package, you can report this to Snyk via our open source packages disclosure policy: