A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed.
The package, named “parsimonius,” was crafted to look almost identical to the widely used “parsimonious” library, a popular Python tool for building parsing expression grammar (PEG) parsers.
The single missing letter was no accident. It was a calculated move designed to trick developers into installing the wrong package without realizing it.
The attack relied on a technique called typosquatting, where a threat actor registers a package name that closely resembles a trusted one.
To make things worse, the attacker assigned the malicious package a version number that appeared newer than the legitimate release.
This made developers even more likely to install it, especially those relying on automated dependency resolution or those who simply did not verify the full package name before installing.
Security analysts at Zscaler ThreatLabz identified the malicious package and shared their findings in a report with Cyber Security News (CSN).
According to the report, the package had already been downloaded 2,474 times before it was pulled from the repository.
That number, reached within just a matter of days, highlights how quickly supply chain attacks can cause widespread exposure across developer environments.
What made this campaign particularly crafty was how the attacker masked the malicious intent. The package actually included the real parsimonious parsing functionality, so developers using it would see completely normal behavior on the surface.
Underneath that legitimate facade, however, a Telegram-based backdoor was silently being deployed across every affected system.
Once the backdoor was active, attackers gained remote access to compromised environments and could harvest sensitive data directly from victims.
Their focus was specifically on .env files and bot authentication tokens, both of which are commonly packed with credentials, API keys, and secrets that open doors to much wider infrastructure access.
Hackers Publish Malicious Python Package
The malicious package was set up to operate on two levels at the same time. On the visible level, it behaved like a fully working parser library, keeping developers completely unsuspicious during normal use.
On the hidden level, it established communication with a Telegram bot, using the messaging platform as a command and control channel to receive instructions and quietly send stolen data out of the environment.
Using Telegram as a backdoor channel is a growing trend among threat actors because the platform is widely trusted and its traffic is far less likely to be flagged by standard network monitoring tools.
This makes it an attractive option for data exfiltration without triggering security alarms. Once established, the backdoor gave the attacker persistent remote access to every system where the package had been installed.
The version number was also chosen strategically. By setting it to appear more current than the real parsimonious package, the attacker increased the odds that automated tools or developers searching for the latest release would pull the malicious version without a second look.
Telegram-Based Backdoor and Data Theft Risks
The data targeted in this campaign was far from random. Focusing on .env files and bot tokens points to a deliberate effort to access broader infrastructure.
A single stolen .env file can expose database passwords, cloud service credentials, and secret keys that let attackers move laterally across entire systems or connected services.
Bot authentication tokens are equally dangerous in the wrong hands. Attackers who obtain them can take full control of bots embedded in business workflows, automated pipelines, or customer-facing services.
The downstream damage from that level of access can extend well beyond the original compromised machine.
Developers are strongly encouraged to always verify the exact spelling of any package name before installation. Using dependency audit tools that flag suspicious or newly registered packages adds a meaningful layer of defense.
Organizations should also rotate credentials immediately if a supply chain compromise is suspected and limit what sensitive data lives inside .env files in the first place.
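The two tricks described above, a name one character off from a trusted package and a version pinned higher than the real release, can both be caught before `pip install` runs. The following is an added example written for this article, not a tool from Zscaler or the parsimonious project; the allowlist, its version numbers and the sample requirements lines are constructed, and the similarity threshold is an assumption.

```python
import difflib
import re

# Constructed allowlist: packages the project actually depends on, with the
# newest version the team has reviewed. Values are assumed for illustration.
TRUSTED = {
    "parsimonious": "0.10.0",
    "requests": "2.32.3",
}

# Matches "name" or "name==1.2.3" at the start of a requirements.txt line.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([0-9][0-9.]*))?")


def normalize(name):
    """PEP 503 name normalisation: lower-case, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_tuple(v):
    """Turn '0.11.0' into (0, 11, 0) so versions compare numerically."""
    return tuple(int(p) for p in v.split(".") if p)


def audit_requirement(line, trusted=TRUSTED, cutoff=0.85):
    """Return a list of findings for one requirements.txt line (empty if clean)."""
    if line.lstrip().startswith("#"):
        return []
    m = _REQ_RE.match(line)
    if not m:
        return []
    name, pinned = normalize(m.group(1)), m.group(2)
    if name in trusted:
        # Allowlisted name, but flag a pin that leaps past the reviewed release.
        if pinned and version_tuple(pinned) > version_tuple(trusted[name]):
            return [f"{name}=={pinned} is newer than reviewed {trusted[name]}"]
        return []
    # Not allowlisted: check whether it is a near-miss of a trusted name.
    close = difflib.get_close_matches(name, list(trusted), n=1, cutoff=cutoff)
    if close:
        return [f"{name} is not allowlisted but resembles {close[0]} (possible typosquat)"]
    return [f"{name} is not allowlisted"]


def audit_requirements(text, trusted=TRUSTED):
    """Audit every line of a requirements.txt body and collect findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(audit_requirement(line, trusted))
    return findings
```

Run it against a requirements file in CI and fail the build on any finding; the near-miss check is what would have stopped “parsimonius” from being installed in place of “parsimonious”.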
Indicators of Compromise (IoCs):
| Type | Indicator | Description |
|---|---|---|
| SHA1 Hash | a01c2a21f24db63cb01a67016519aebeca438089 | SHA1 hash of the malicious “parsimonius” PyPI package |
| Package Name | parsimonius | Malicious typosquatted Python package on PyPI impersonating “parsimonious” |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
The post Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser appeared first on Cyber Security News.

ThreatLabz identified a malicious Python package in PyPI named "parsimonius" that was designed to impersonate the legitimate parsimonious package through typosquatting. The threat actor selected a package name differing by a single character and assigned it a version number… 