Software program has been downloaded 30,000 occasions from PyPI-looted developer machines
Open source packages, which were estimated to have been downloaded 30,000 times from the PyPI open source repository, contained malicious code that secretly stole credit card information and credentials and injected malicious code into infected computers, researchers said Thursday.
In a post, researchers Andrey Polkovnichenko, Omer Kaspi and Shachar Menashe of devops software developer JFrog said they recently found eight packages in PyPI that were performing a range of malicious activities. Based on research on https://pepy.tech, a website that provides download statistics for Python packages, the researchers estimate that the malicious packages were downloaded about 30,000 times.
The discovery is the latest in a long line of attacks over the past few years that compromised the receptivity of open source repositories that millions of software developers rely on every day. Despite their critical role, repositories often lack robust security and auditing controls, a vulnerability that can lead to serious supply chain attacks if developers unknowingly infect themselves or incorporate malicious code into the software they publish.
“The continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread attacks on the supply chain,” JFrog CTO Asaf Karas wrote in an email. “The ability for attackers to inject malware using simple obfuscation techniques means developers need to be concerned and vigilant. This is a systemic threat that needs to be actively addressed on several levels, both by the maintainers of software repositories and by the developers. “
The researchers thanked the PyPI maintainer Dustin Ingram “for the quick response and removal of the malicious packets” when he was notified. Ingram did not immediately respond to a request for comment.
Different packets of Thursday’s loot performed different types of nefarious activities. Six of them had three payloads, one to collect authentication cookies for Discord accounts, a second to extract passwords or payment card details saved by browsers and the third to collect information about the infected PC, like IP addresses, computer name and username.
The remaining two packets contained malware that attempted to connect to an attacker-determined IP address on TCP port 9009 and then execute the Python code available from the socket. It is now unknown what the IP address was or whether it was hosting malware.
Like most novice Python malware, the packages just used simple obfuscation like Base64 encoders. Here is a breakdown of the packages:
|Noble||xin1111||Discord Token Stealer, Credit Card Thief (Windows based)|
|To suffer||To suffer||Like nobility, veiled by Py armor|
|noblesse2||To suffer||Like nobility|
|noblessev2||To suffer||Like nobility|
|pytagora||leonora123||Remote code injection|
Karas told me that the first six packages could infect the developers ‘computer, but could not infect the developers’ code with malware.
“This would be possible for both the pytagora and pytagora2 packages, which allow code to run on the machine on which they were installed,” he said in a direct message. “After infecting the development machine, they allowed the code to run and then the attacker could download a payload that modifies the software projects under development. However, we have no evidence that this was actually done. “
Beware of “Frankenstein” malware packages
This critical role makes repositories the ideal environment for supply chain attacks, which are becoming increasingly common using techniques known as typosquatting, or dependency confusion.
Attacks on repository supply chains date back at least to 2016, when a college student uploaded malicious packages to PyPI. Over a period of several months, its fraudulent code was run more than 45,000 times on more than 17,000 different domains, and more than half the time its code was given almighty administrative privileges. Since then, supply chain attacks have occurred regularly at RubyGems and npm. In the past few months, white hat hackers have invented a new type of supply chain attack that works by uploading malicious packages to public code repositories and giving them a name identical to a package that is in the internal Repository for popular software is stored. These so-called dependency confusion attacks have already caught Apple, Microsoft and 33 other companies.
The JFrog researchers said that with the current state of repository security, the internet is likely to experience more attacks in the future.
“Almost all of the code snippets analyzed in this study were based on popular public tools with only a few parameters changed,” they wrote. “The obfuscation was also based on public obfuscation. We expect more of these “Frankenstein” malware packages from various attack tools (with modified exfiltration parameters) to be put together. “