Python Package Installation Can Trigger Malicious Code

guest · Sep 4, 2018

Python Package Installation Can Trigger Malicious Code
September 4, 2018
https://www.bleepingcomputer.com/ne...kage-installation-can-trigger-malicious-code/

The Python programming language allows you to install packages that can be included in your programs to extend their functionality. [...]
A researcher going by the handle mschwager on GitHub demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform code execution when the package is installed.

To prove his point, mschwager detailed the attack by creating a proof-of-concept installation file he called 0wned. The following code shows how a custom 'PostInstallCommand' class is invoked when 'pip install' runs.
Installation file allows sneaky malware deployment
Python modules are typically installed using a package manager called 'pip', which launches a 'setup.py' file that is made available by the developer of the package for installation purposes. This file usually receives little attention since it is present only to help the user add a module to their machine.
Staying on the safe side
mschwager advises developers to always be suspicious about the Python modules they install on the system, particularly when they require root privileges.
Click to expand...

guest · Oct 27, 2018

Twelve malicious Python libraries found and removed from PyPI
October 27, 2018
https://www.zdnet.com/article/twelve-malicious-python-libraries-found-and-removed-from-pypi/

A software security engineer has identified 12 Python libraries uploaded on the official Python Package Index (PyPI) that contained malicious code.

Their creator(s) copied the code of popular packages and created a new library, but with a slightly modified name. [...]
Setup.py files contain a set of instructions that Python library installers like "pip" execute automatically when downloading and setting up a new package inside a Python project.
The nature of this extra code was to perform various malicious operations and varied per each malicious library.

The first set of malicious libraries would attempt to either collect data about each infected environment, obtain boot persistence, or even open a reverse shell on remote workstations. [...]

The researcher told us he discovered all 12 packages by using an automated system he created himself that scanned the PyPI repository for packages with similar names --technically referred to as "typo-squatted" packages.
Click to expand...

guest · Jul 17, 2019

Malicious Python libraries targeting Linux servers removed from PyPI
Security firm scanned over one million PyPI packages and found three backdoored libraries
July 17, 2019
https://www.zdnet.com/article/malicious-python-libraries-targeting-linux-servers-removed-from-pypi/

A security firm found three malicious Python libraries uploaded on the official Python Package Index (PyPI) that contained a hidden backdoor which would activate when the libraries were installed on Linux systems.
The three packages -- named libpeshnx, libpesh, and libari -- were authored by the same user (named ruri12) and had been available for download from PyPI for almost 20 months, since November 2017, before the packages were discovered earlier this month by security reserchers from ReversingLabs.

"If run by the user, the backdoor becomes active," he said. "There is also an installation procedure that makes running the backdoor more automated."
ReversingLabs says the backdoor was an interactive shell that attackers could have used to connect and run commands on computers that installed the three libraries.
[...] the other two packages (libpesh and libari) contained "references to the malicious function without any code," suggesting the author had either removed it, or was preparing to roll out backdoored versions of the other two libraries as well.
Click to expand...

ReversingLabs: SupPy Chain Malware - Detecting malware in package manager repositories

guest · Dec 4, 2019

Two malicious Python libraries caught stealing SSH and GPG keys
One library was available for only two days, but the second was live for nearly a year
December 4, 2019
https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were caught stealing SSH and GPG keys from the projects of infected developers.
The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names.

The first is "python3-dateutil," which imitated the popular "dateutil" library. The second is "jeIlyfish" (the first L is an I), which mimicked the "jellyfish" library.
STEALING SSH AND GPG KEYS
According to Martini, the malicious code was present only in the jeIlyfish library. The python3-dateutil package didn't contain malicious code of its own, but it did import the jeIlyfish library, meaning it was malicious by association.

"The code directly in the `jeIlyfish` library downloads a file called 'hashsum' that looks like nonsense from a gitlab repo, then decodes that into a Python file and executes it," Ganssle told ZDNet.
Click to expand...

This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository. Similar incidents have happened in September 2017 (ten libraries), October 2018 (12 libraries), and July 2019 (three libraries).
Click to expand...

guest · Nov 17, 2020

Researchers Scan for Supply-Side Threats in Open Source
November 17, 2020
https://www.darkreading.com/applica...ly-side-threats-in-open-source/d/d-id/1339465

Open source repositories form the backbone of modern software development — nearly every software project includes at least one component — but security experts increasingly worry that attackers are focused on infecting systems by inserting malicious code into popular repositories.

Last week, Stripe engineer Jordan Wright published the results of a home-brew research project that downloaded every Python component from the Python Package Index (PyPI) and looked for system calls that could indicate malicious intent.
However, none of the scanned packages seemed outright malicious, Wright said in his analysis.

"Looking through the data, I didn't find any packages doing significantly harmful activity that didn't also have 'malicious' somewhere in the name, which was good," he said. "But it's always possible I missed something, or that [attackers installing malicious code] would happen in the future."
Click to expand...

Wright plans to expand the effort to continuously monitor PyPI and add repositories for other platforms in the future.

"This found a few instances of potentially malicious behavior that you can find in the post, but the real power will be setting up continuous monitoring moving forward," he stated on Twitter.
"I still don't like that it's possible to run arbitrary commands on a user's system just by them pip installing a package," Wright said. "I get that the majority of use cases are benign, but it opens up risk that must be considered. Hopefully by increasingly monitoring various package managers we can identify signs of malicious activity before it has a significant impact."
Click to expand...

Hunting for Malicious Packages on PyPI

About a year ago, the Python Software Foundation opened a Request for Information (RFI) to discuss how we could detect malicious packages being uploaded to PyPI.
I wanted to explore this further, so in this post I’m going to walk through how I installed and analyzed every package in PyPI looking for malicious activity.
Click to expand...

guest · Jun 22, 2021

Malicious PyPI packages hijack dev devices to mine cryptocurrency
June 21, 2021
https://www.bleepingcomputer.com/ne...es-hijack-dev-devices-to-mine-cryptocurrency/

This week, multiple malicious packages were caught in the PyPI repository for Python projects that turned developers' workstations into cryptomining machines.

All malicious packages were published by the same account and tricked developers into downloading them thousands of times by using misspelled names of legitimate Python projects.
All came from user “nedog123” and the names of most of them are misspelled versions of the matplotlib legitimate plotting software.
Click to expand...

Ax Sharma, a security researcher at devops automation company Sonatype, analyzed the “maratlib” package in a blog post, noting that it was used as a dependency by the other malicious components.

“For each of these packages, the malicious code is contained in the setup.py file which is a build script that runs during a package’s installation,” the researcher writes.
Click to expand...

guest · Jul 30, 2021

Several Malicious Typosquatted Python Libraries Found On PyPI Repository
July 30, 2021
https://thehackernews.com/2021/07/several-malicious-typosquatted-python.html

As many as eight Python packages that were downloaded more than 30,000 times have been removed from the PyPI portal for containing malicious code, once again highlighting how software package repositories are evolving into a popular target for supply chain attacks.

"Lack of moderation and automated security controls in public software repositories allow even inexperienced attackers to use them as a platform to spread malware, whether through typosquatting, dependency confusion, or simple social engineering attacks," JFrog researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe said Thursday.
Click to expand...

The aforementioned packages could be abused to become an entry point for more sophisticated threats, enabling the attacker to execute remote code on the target machine, amass system information, plunder credit card information and passwords auto-saved in Chrome and Edge browsers, and even steal Discord authentication tokens to impersonate the victim.

"The continued discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread supply chain attacks," said JFrog CTO Asaf Karas.
Click to expand...

JFrog: JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code

We have alerted PyPI about the existence of the malicious packages which promptly removed them. Based on data from pepy.tech, we estimate the malicious packages were downloaded about 30,000 times. We currently don’t have data about the actual impact caused by the use of these malicious packages.

Almost all of the code snippets analyzed in this research were based on known public tools, with only a few parameters changed. The obfuscation was also based on public obfuscators.
We expect to see more of these “Frankenstein” malware packages stitched from different attack tools (with changed exfiltration parameters). We will continue to monitor public package repositories to sanitize such instances.
Click to expand...

guest · Oct 12, 2021

PyPI removes 'mitmproxy2' over code execution concerns
October 12, 2021
https://www.bleepingcomputer.com/news/security/pypi-removes-mitmproxy2-over-code-execution-concerns/

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.

The official 'mitmproxy' Python library is a free and open-source interactive HTTPS proxy with over 40,000 weekly downloads.
Click to expand...

Copycat package could trick devs into falling for 'newer' version
Yesterday, Maximilian Hils, who is one of the developers behind the 'mitmproxy' Python library drew everyone's attention towards a counterfeit 'mitmproxy2' package uploaded to PyPI.

'mitmproxy2' is essentially "the same as regular mitmproxy but with an artificial RCE vulnerability included."
The more popular you get, the more **** you attract: Someone uploaded "mitmproxy2" to @PyPI, which is the same as regular mitmproxy but with an artificial RCE vulnerability included.
— Maximilian Hils (@maximilianhils) October 11, 2021
"The problem is of course if you upload that to PyPI as 'mitmproxy2' with a version number that indicates it's newer/a successor, people will inevitably download that not knowing about the changes."
Click to expand...

Whack-a-mole: another copycat appears hours later
While analyzing 'mitmproxy2', BleepingComputer discovered another package 'mitmproxy-iframe' had appeared on the PyPI registry, less than a day after 'mitmproxy2' was removed.

Once again, this package is an exact replica of the official mitmproxy, but with the aforementioned safeguards removed from the "app.py" file, as seen by BleepingComputer.
Click to expand...

guest · Nov 19, 2021

Malicious PyPI Packages Downloaded 40,000+ Times
November 19, 2021
https://www.infosecurity-magazine.com/news/malicious-pypl-packages-downloaded/

Researchers have discovered 11 new malicious open-source packages using various advanced techniques to avoid detection on the popular PyPI repository.

Python’s official third-party software repository is home to over half a million developers, who typically use pre-built open-source packages to accelerate time-to-market.
However, threat actors are increasingly infiltrating these upstream sources for their own ends.
Click to expand...

The JFrog Security research team yesterday revealed it had discovered 11 new malware packages with over 40,000 downloads from PyPI. Their authors used a range of techniques to stay hidden and therefore infect as many users as possible.

These included using the Fastly CDN to disguise traffic sent to their command and control (C2) server as a legitimate communication with pypi.org.
According to JFrog, the client sends requests at random intervals and hides the malicious payload into normal-looking HTTP GET requests.
Click to expand...

In some cases, the malicious packages were split into two – a malicious element designed to steal Discord authentication tokens and a ‘legitimate’ package that doesn’t contain harmful functionality. The latter can be installed through typosquatting or “dependency confusion,” according to the report.

The discovery comes months after the same research team found eight malicious packages that had already been downloaded 30,000 times.

“While this set of malicious packages may not have the same ‘teeth’ as our previous discoveries, what’s notable is the increasing level of sophistication with which they are executed,” they said of the latest find.
Click to expand...

JFrog: Python Malware Imitates Signed PyPI Traffic in Novel Exfiltration Technique

The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to report vulnerable and malicious packages to repository maintainers. Earlier this year we disclosed several malicious packages targeting developers’ private data that were downloaded approximately 30K times. Today, we will share details about 11 new malware packages that we’ve recently discovered and disclosed to the PyPI maintainers (who promptly removed them).

Based on our latest findings, in this blogpost we highlight some of the more advanced techniques used by Python malware developers to avoid detection and remain in the repository in order to infect as many machines as possible.
Click to expand...

guest · Dec 6, 2021

Pip-audit: Google-backed tool probes Python environments for vulnerable packages
‘Good initial results’, says one early adopter
December 3, 2021

UPDATED A tool has been launched with support from Google that scans Python environments for packages with known vulnerabilities.
‘Pip-audit’ leverages the PyPI JSON API to compare dependencies against the Python Packaging Advisory Database – a repository of security advisories that in turn collects much of its data from the NVD CVE feed.

Users can alternatively audit dependencies against the Open Source Vulnerabilities (OSV) database.
Click to expand...

The project was developed by William Woodruff and Alex Cameron of Trail of Bits, a New York-based cybersecurity company, with funding from Google and support from Dustin Ingram, senior developer advocate at Google.

Pip-audit 1.0.0 was launched on Wednesday (December 1).
Click to expand...

No strings attached
The tool is not the only application that scans for flaws in Python environments, with existing alternatives including Safety, Snyk for Python, GitHub’s Dependabot, and OWASP Dependency Check.

Woodruff, the project lead, told The Daily Swig: “We wanted to build a tool that didn’t have any financial or licensing strings attached. Snyk and Safety are wonderful additions to the security ecosystem, but both require some level of paid subscription for their functionality (e.g. access to Safety’s more complete private vulnerability DB).”
Click to expand...

guest · Aug 4, 2022

School Kid Uploads Ransomware Scripts to PyPI Repository as 'Fun' Project
The malware packages had names that were common typosquats of a legitimate widely used Python library
August 2, 2022

An apparently school-age hacker based in Verona, Italy, has become the latest to demonstrate why developers need to pay close attention to what they download from public code repositories these days.

The young hacker recently uploaded multiple malicious Python packages containing ransomware scripts to the Python Package Index (PyPI), supposedly as an experiment.
The packages were named "requesys," "requesrs," and "requesr," which are all common typosquats of "requests" — a legitimate and widely used HTTP library for Python.
Click to expand...

According to the researchers at Sonatype who spotted the malicious code on PyPI, one of the packages (requesys) was downloaded about 258 times — presumably by developers who made typographical errors when attempting to download the real "requests" package. The package had scripts for traversing folders such as Documents, Downloads, and Pictures on Windows systems and encrypting them.

Victims were able to obtain the decryption key without having to make a payment for it, Sonatype says.

"And that makes this case more of a gray area rather than outright malicious activity," Sonatype concludes. Information on the hacker's Discord channel shows that at least 15 victims had installed and run the package.
Click to expand...

"There are two takeaways here," says Ankita Lamba, senior security researcher, at Sonatype. "First, be cautious when typing out the names of popular libraries, as typosquatting is one of the most common attack methods for malware," she says.

Second and more broadly, developers should always be cautious about what they’re downloading and what packages they’re incorporating into their software builds. "Open source is both critical fuel for digital innovation and a ripe target for software supply chain attacks," Lamba says.
Click to expand...

Sonatype: Ransomware in PyPI: Sonatype Spots 'Requests' Typosquats

Sonatype has identified multiple malicious Python packages that contain ransomware scripts. These packages are named after a legitimate, widely known library called 'Requests.'

While incidences of malware infiltrating open source repositories are hardly surprising, as we've repeatedly seen, it's not often we come across open source packages dropping ransomware. Last we saw this was in 2021 when we spotted npm typosquats launching MBRLocker ransomware.
Click to expand...

guest · Aug 8, 2022

10 Malicious Code Packages Slither into PyPI Registry
August 8, 2022

Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue.

The incident is the latest in a rapidly growing list of recent instances where threat actors have placed rogue software on widely used software repositories such as PyPI, Node Package Manager (npm), and Maven Central, with the goal of compromising multiple organizations. Security analysts have described the trend as significantly heightening the need for development teams to exercise due diligence when downloading third-party and open source code from public registries.
Click to expand...

Researchers at Check Point's Spectralops.io uncovered this latest set of malicious packages on PyPI, and found them to be droppers for information-stealing malware. The packages were designed to look like legitimate code — and in some cases mimicked other popular packages on PyPI.

The security vendor did not immediately respond when asked how long the malicious packages might have been available on the PyPI registry or how many people might have downloaded them.
Growing Supply Chain Exposure
The incident is the latest to highlight the growing dangers of downloading third-party code from public repositories without proper vetting.
Click to expand...

Check Point Research: CloudGuard Spectral detects several malicious packages on PyPI – the official software repository for Python developers

Highlights:

CloudGuard Spectral detects 10 malicious packages on PyPI, the leading Python package index used by developers for the Python programming language

Malicious packages install info-stealers that enable attackers to steal developer’s private data and personal credentials

Once detected, CPR disclosed the information and alerted PyPI on these packages. Later to be removed by PyPI

CPR urges users to be alerted and aware of these packages

Click to expand...

guest · Aug 15, 2022

A new PyPI Package was found delivering fileless Linux Malware
August 15, 2022

Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems.

The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since August 6, 2020.

“Sonatype has identified a ‘secretslib’ PyPI package that describes itself as “secrets matching and verification made easy.”” reads the post published by the experts. “On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.”
The package fetches a Linux executable from a remote server and execute it to drop an ELF file (“memfd“) directly in memory. It is a Monero crypto miner likely created via the ‘memfd_create‘ system call.
Click to expand...

A few days ago, Check Point researchers discovered another ten malicious packages on the Python Package Index (PyPI). The packages install info-stealers that allow threat actors to steal the private data and personal credentials of the developers.
Click to expand...

Sonatype: PyPI Package 'secretslib' Drops Fileless Linux Malware to Mine Monero

THE CURIOUS CASE OF 'SECRETSLIB'—A FILELESS CRYPTOMINER
Sonatype has identified a 'secretslib' PyPI package that describes itself as "secrets matching and verification made easy." On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters.

Further, the threat actor publishing the malicious package used the identity and contact information of a real national laboratory software engineer working for a U.S. Department of Energy-funded lab to lend credibility to their malware but the truth eventually surfaced.
Click to expand...

guest · Aug 15, 2022

Malicious PyPi packages aim DDoS attacks at Counter-Strike servers
August 15, 2022

A dozen malicious Python packages were uploaded to the PyPi repository this weekend in a typosquatting attack that performs DDoS attacks on a Counter-Strike 1.6 server.

Python Package Index (PyPi) is a repository of open-source software packages that developers can easily incorporate into their Python projects to build complex apps with minimal effort.
However, as anyone can upload packages to the repository, and packages are not removed unless they are reported as malicious, the repository is being more commonly abused by threat actors who use it to steal developer credentials or deploy malware.
Click to expand...

A malicious typosquatting campaign
This weekend, researchers at Checkmarx discovered that a user named "devfather777" published 12 packages that used a name similar to other popular packages to trick software developers into using the malicious versions instead.

Typosquatting attacks rely on developers mistakenly using a malicious package with a similar name to a legitimate one. For example, some of the packages in this campaign and their legitimate counterparts (in parenthesis) are Gesnim (Gensim), TensorFolw (TensorFlow), and ipaddres (ipaddress).
Click to expand...

Because software developers usually fetch these packages via the terminal, it's easy to type its name with a letter in the wrong order.
While CheckMarx reported the packages to the PyPi repository, they remain online at the time of this writing.
Targeting CounterSrike servers
After downloading and using one of these malicious Python packages in their application, embedded code in the setup.py runs to confirm that the host is a Windows system, and if it is, it downloads a payload (test.exe) from GitHub.

The malware installs itself and creates a Startup entry for persistence between system reboots, while it also injects an expired system-wide Root certificate.
Click to expand...

Checkmarx: Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware to DDOS CS1.6 Server with DGA Capabilities

On Saturday, August 13th, Checkmarx’s Software Supply Chain Security Typosquatting engine detected a large-scale attack on the Python ecosystem with multi-stage persistent malware.
Click to expand...

guest · Sep 3, 2022

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
By Ravie Lakshmanan - August 25, 2022

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages.

"This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets.
The social engineering attack entails sending security-themed messages that create a false sense of urgency by informing recipients that Google is implementing a mandatory validation process on all packages and that they need to click on a link to complete the validation before September, or risk getting their PyPI modules removed.
Click to expand...

Should an unsuspecting developer fall for the scheme, users are directed to a lookalike landing page that mimics PyPI's login page and is hosted on Google Sites, from where the entered credentials are captured and abused to unauthorizedly access the accounts and compromise the packages to include malware.

The modifications, for their part, are designed to download a file from a remote server.

"This malware is untypically large, ~63MB, (possibly in an attempt to evade [antivirus] detection) and has a valid signature (signed on August 23rd, 2022)," Checkmarx researcher Aviad Gershon noted.
"These releases have been removed from PyPI and the maintainer accounts have been temporarily frozen," PyPI said. Two of the affected packages so far include "exotel" and "spam." Additionally, several hundred typosquats are said to have been removed.
Click to expand...

Checkmarx: First Known Phishing Attack Against PyPI Users

By Aviad Gershon - August 24, 2022
A few hours ago, PyPi disclose information on the first seen phishing attack aimed at a Python contributor.

Right now, we are aware of hundreds of malicious packages that were related to this attack based on the known indicator.
During our investigation, we found new indicators related to this attack.
Click to expand...

guest · Sep 3, 2022

A third of PyPi software packages contains flaw to execute code when downloaded
By Derek B. Johnson - August 26, 2022

Approximately one-third of software packages from the Python Package Index (PyPi) are vulnerable to a design feature that allows an attacker to automatically execute code when downloaded on a computer.

The findings, discovered by Checkmarx and published Friday, underscore how open source software repositories like PyPi are increasingly being targeted and leveraged by malicious actors. The company said that “a large number of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.”
Click to expand...

According to Tzachi Zorenshtain, head of supply chain security at Checkmarx, when developers install a software package from repositories like PyPi, most understand there’s also a risk of installing any malicious code that goes with it.

“When we actually examined the behavior and looked for new attack vectors, we discovered that if you download a malicious package — just download it — it will automatically run on your computer,” he told SC Media in an interview from Israel.
“So we tried to understand why, because for us the word download doesn’t necessarily mean that the code will automatically run.”
But for PyPi, it does.
Click to expand...

There are other workarounds, such as downloading the package through your browser, that can avoid using the setup.py process altogether. Beyond that, Zorenshtain expects the vulnerability to be exploited in packages using the older file format for years to come.

“What is most alarming for us is this isn’t a vulnerability that’s going to be fixed easily,” said Zorenshtain, later adding “If we magically changed all the formats and everything is resubmitted and filed to the new format, then it would be easy to remove this behavior. We understand that this behavior will probably be with us for a little while, so at least [building] awareness is what was important to us.”
Click to expand...

Checkmarx: Automatic Execution of Code Upon Package Download on Python Package Manager

By Yehuda Gelb - August 29, 2022
Automatic code execution is triggered upon downloading approximately one third of the packages on PyPi.

A worrying feature in pip/PyPi allows code to automatically run when developers are merely downloading a package. Also, this feature is alarming due to the fact that a great deal of the malicious packages we are finding in the wild use this feature of code execution upon installation to achieve higher infection rates.
Click to expand...

It is important that python developers understand that package downloading can expose them to an increased risk of a supply chain attack.
Click to expand...

guest · Sep 3, 2022

mood said: ↑

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks
By Ravie Lakshmanan - August 25, 2022

Checkmarx: First Known Phishing Attack Against PyPI Users
Click to expand...

Actors behind PyPI supply chain attack have been active since late 2021
Group that pulled off successful attack on PyPI has humble origins.
By Dan Goodin @dangoodin001 - September 2, 2022

The official software repository for the Python language, Python Package Index (PyPI), has been targeted in a complex supply chain attack that appears to have successfully poisoned at least two legitimate projects with credential-stealing malware, researchers said on Thursday.

PyPI officials said last week that project contributors were under a phishing attack that attempted to trick them into divulging their account login credentials. When successful, the phishers used the compromised credentials to publish malware that posed as the latest release for legitimate projects associated with the account. PyPI quickly took down the compromised updates and urged all contributors to use phishing-resistant forms of two-factor authentication to protect their accounts better.
Click to expand...

On Thursday, researchers from security firms SentinelOne and Checkmarx said that the supply chain attacks were part of a larger campaign by a group that has been active since at least late last year to spread credential-stealing malware the researchers are dubbing JuiceStealer. Initially, JuiceStealer was spread through a technique known as typosquatting, in which the threat actors seeded PyPI with hundreds of packages that closely resembled the names of well-established ones, in the hopes that some users would accidentally install them.

JuiceStealer was discovered on VirusTotal in February when someone, possibly the threat actor, submitted a Python app that surreptitiously installed the malware. JuiceStealer is developed using the .Net programming framework.
Click to expand...

Over time, the threat actor, which the researchers are calling JuiceLedger, started using crypto-themed fraudulent applications such as the Tesla Trading bot, which was delivered in zip files accompanying additional legitimate software.

"The escalation in complexity in the attack on PyPI contributors, involving a targeted phishing campaign, hundreds of typosquatted packages and account takeovers of trusted developers, indicates that the threat actor has time and resources at their disposal."
Click to expand...

SentinelOne: PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Executive Summary

JuiceLedger is a relativey new threat actor focused on infostealing through a .NET assembly called ‘JuiceStealer’

JuiceLedger has rapidly evolved its attack chain from fraudulent applications to supply chain attacks in little over 6 months

In August, JuiceLedger conducted a phishing campaign against PyPI contributors and successfully compromised a number of legitimate packages

Hundreds of typosquatting packages delivering JuiceStealer malware have been identified

At least two packages with combined downloads of almost 700,000 were compromised

PyPI says that known malicious packages and typosquats have now been removed or taken down

Click to expand...

guest · Nov 11, 2022

Researchers warn of malicious packages on PyPI using steganography
By Pierluigi Paganini - November 10, 2022

CheckPoint researchers discovered a malicious package, named ‘apicolor,’ on the Python Package Index (PyPI) that uses steganographic to hide malware within image files.

The malicious package infects PyPI users through open-source projects on Github.
The package was uploaded to PyPI on October 31, 2022, it had a vague header stating this is a ‘core lib for REST API’.
Click to expand...

The analysis of the package installation script revealed a code section at the beginning. It starts by manually installing extra requirements, then it downloads an image (“8F4D2uF.png”) hosted on Imgur and uses the newly installed package, called judyb, to process the picture and trigger the processing generated output using the exec command.

“The two packages being manually installed are requests (quite popular helper package for API usage), and judyb. The judib package details initially seem like an ‘in progress’ package, having an empty description and a vague header stating this is ‘a pure Python judyb module’.” reads the analysis published by CheckPoint “A deeper look revealed judib was first released around the same time as apicolor.”
“The judyb code turned out to be a steganography module, responsible hiding and revealing hidden messages inside pictures. Check Point Research suspected that the image downloaded during the apicolor installation may include a hidden part inside of it.”
Click to expand...

Check Point CloudGuard Spectral exposes new obfuscation techniques for malicious packages on PyPI

Highlights:

Check Point Research (CPR) detects a new and unique malicious package on PyPI, the leading package index used by developers for the Python programming language

The new malicious package was designed to hide code in images and infect through open-source projects on Github

CPR responsibly disclosed this information to PyPI, who removed the packages immediately

New obfuscation techniques for malicious packages – hiding code inside images
Click to expand...

guest · Nov 17, 2022

Hundreds Infected With 'Wasp' Stealer in Ongoing Supply Chain Attack
By Ionut Arghire - November 17, 2022

Security researchers are raising alarm on an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.
Click to expand...

Ongoing since the first half of October, the attack was uncovered by Phylum on November 1, with the attackers copying existing popular libraries and injecting a malicious ‘import’ statement into them.

The purpose of the injected code is to infect the victim’s machine with a script that runs in the background. The script, which fetches the victim’s geolocation, contains a modified version of an information stealer called Wasp.
The attackers have managed to infect hundreds of victims to date, while actively releasing new packages to continue the campaign, Checkmarx notes.
Click to expand...

Steganography is used to hide the malicious code inside packages. The payload is polymorphic, meaning that different code results each time the second and third stage URLs are loaded, which helps evade detection and ensures persistence.

The Wasp malware can steal a great deal of information from victims’ machines, including Discord account information, passwords, credit card data, crypto wallets, and local files.
Click to expand...

Since the beginning of the campaign, the attacker has created tens of new Python packages and numerous fake user accounts that mimic legitimate libraries and accounts.

“The level of manipulation used by software supply chain attackers is increasing as attackers get increasingly more clever. It seems this attack is ongoing, and whenever the security team of Python deletes his packages, he quickly maneuvers and creates a new identity or simply uses a different name,” Checkmarx notes.
Click to expand...

Checkmarx: WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims

By Jossef Harush - November 15, 2022
In early November, several malicious packages were reported by Phylum and CheckPoint. We link these two reports to the same attacker with a unique approach to hiding its malicious code.
Click to expand...

Phylum: Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack

November 1, 2022
Last week, our automated risk detection platform alerted us to some suspicious activity in dozens of newly published PyPI packages. It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on to Python developer’s machines by hiding a malicious __import__ . Join us here on the Phylum research team as we investigate these new and shifting tactics the attacker is using to deploy W4SP stealer in this supply-chain attack.
Click to expand...

guest · Dec 29, 2022

mood said: ↑

Hundreds Infected With 'Wasp' Stealer in Ongoing Supply Chain Attack
By Ionut Arghire - November 17, 2022

Checkmarx: WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims
Phylum: Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
Click to expand...

Hackers bombard PyPi platform with information-stealing malware
By Bill Toulas @billtoulas - December 20, 2022

The PyPi python package repository is being bombarded by a wave of information-stealing malware hiding inside malicious packages uploaded to the platform to steal software developers' data.
Click to expand...

The malware dropped in this campaign is a clone of the open-source W4SP Stealer, responsible for a previous widespread malware infection on PyPI in November 2022.

Since then, an additional 31 packages dropping 'W4SP' have been removed from the PyPI repository, with the malware's operators continuing to seek new ways to reintroduce their malware on the platform.
Click to expand...

Targeting open-source developers
Last week, the Phylum research team reported it had found another set of 47 packages that distributed W4SP on PyPI. However, this operation was disrupted after GitHub terminated the repository used by the threat actor for fetching the primary payload.

The cybersecurity firm reported yesterday that at least 16 packages on PyPI are spreading ten different information-stealing malware variants based on W4SP Stealer.
Click to expand...

Phylum: W4SP Stealer Update—They’re Still At It

In case the threat actors haven’t figured it out yet, Phylum has a fully automated package monitoring and analysis platform that works quickly and efficiently at scale. We literally get pinged every time you publish your malware. You can keep spinning the hamster wheel, but you won’t get very far.
Click to expand...

This one will be short and sweet! Since our last W4SP Stealer update, we’ve seen at least an additional 47 packages containing W4SP Stealer published on PyPI by these threat actors. And again, they are all published under the guise of a legit package with the malicious __import__ first stage lurking somewhere in the __init__.py, the setup.py, or some other important file that gets called during installation or on first import.

Phylum has been monitoring the actions of this group, both on PyPI and elsewhere, for sometime now, gathering up information about the actors themselves and the infrastructure they use in an effort to severely hamper, if not completely stop, their continuous publication of malware into the open source ecosystem.
Click to expand...

guest · Dec 30, 2022

Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
By Pierluigi Paganini - December 20, 2022

Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne.
Click to expand...

The malicious package was first uploaded to the repository on December 11, 2022, in just two days, attackers pushed twenty versions of the malicious project.

The package claims to offer access the SentinelOne’s APIs, but it actually contains malicious code to harvest sensitive information from development systems, including credentials, configuration data, and SSH keys. The package is part of a malicious campaign tracked by ReversingLabs as “SentinelSneak.
Click to expand...

According to the researchers, the package is a copy of the actual SentinelOne SDK python client, and the threat actor added the malicious functionality to its code.

“The package appears to be a fully functional SentinelOne client, but contains a malicious backdoor, ReversingLabs threat researcher Karlo Zanki discovered.” reads the analysis published by ReversingLabs. “The malicious functionality in the library does not execute upon installation, but waits to be called on programmatically before activating — a possible effort to avoid detection. ReversingLabs is calling this campaign “SentinelSneak.””
Click to expand...

ReversingLabs: SentinelSneak: Malicious PyPI module poses as security software development kit

By Karlo Zanki - December 19, 2022
A malicious Python file found on the PyPI repository adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.
Click to expand...

guest · Jan 2, 2023

Python developers, uninstall this malicious package right now
By Usama Jawad @UsamaJawad9 - January 2, 2023

If you're a Python developer and one who is accustomed to installed the latest preview builds of libraries, you might want to take immediate mitigative action. PyTorch, an open-source machine learning framework initially developed by Meta and now under the Linux Foundation, has seemingly been the target of a supply chain attack, which has potentially led to many users installing a malicious package.
Click to expand...

Basically, PyTorch-nightly leverages a dependency called "torchtriton". While the library hosted on the PyTorch nightly package index isn't malicious at all, a problematic package with the same name was uploaded to the Python Package Index (PyPI) repository over the holidays.
Click to expand...

Fortunately though, the apparent dependency confusion attack has likely not impacted the mainstream Python development community at large. This is because it only affects users of PyTorch-nightly who installed the package on Linux between December 25 and December 30. Users of stable packages are not affected.

Following the discovery of the malicious torchtriton package, the PyTorch development team published a disclosure, and changed the name of the torchtriton package to "pytorch-torchtriton" and registered it as a dummy package on PyPI to prevent similar attacks in the future.
Click to expand...

Source: PyTorch via Bleeping Computer
Click to expand...

guest · Jan 7, 2023

Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
By Bill Toulas @billtoulas - January 7, 2023

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.
Click to expand...

The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets.

The six packages were discovered by the Phylum research team, who closely monitors PyPI for emerging campaigns.
The researchers report that these malicious extensions first appeared on the package repository on December 22. The threat actors continued to upload other packages until the last day of the year.
Click to expand...

Information-stealer functionality
The installer (setup.py) on these files contains a base64-encoded string that decodes to a PowerShell script.
This script sets the '-ErrorAction SilentlyContinue' flag so that the script will silently continue, even if it runs into errors, to avoid detection by developers.

The stolen data includes cryptocurrency wallets, browser cookies and passwords, Telegram data, Discord tokens, and more. This data is zipped up and transmitted through transfer[.]sh to the attackers, while a ping to the onion site confirms the completion of the info-stealing step.
Also a remote access trojan
The script now runs "cftunnel.py," also included in the ZIP archive, that is used to install a Cloudflare Tunnel client on the victim's machine.
Click to expand...

Phylum: A Deep Dive Into poweRAT: a Newly Discovered Stealer/RAT Combo Polluting PyPI

January 5, 2023
Phylum has uncovered yet another malware campaign waged against PyPI users. And once again, the attack chain is complicated and obfuscated, but it’s also quite novel and further proof that supply chain attackers aren’t going to be giving up any time soon.
Click to expand...

guest · Jan 16, 2023

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware
By Bill Toulas @billtoulas - January 16, 2023

A threat actor has uploaded to the PyPI (Python Package Index) repository three malicious packages that carry code to drop info-stealing malware on developers' systems.
Click to expand...

The malicious packages, discovered by Fortinet, were all uploaded by the same author named 'Lolip0p' between January 7 and 12, 2023. Their names are 'colorslib,' 'httpslib,' and 'libhttps.' All three have been reported and removed from the PyPI.

PyPI is the most widely used repository for Python packages that software developers use to source the building blocks of their projects.
Click to expand...

New campaign
Contrary to the typical malicious uploads on PyPI, the trio that Fortinet discovered features complete descriptions, which helps trick developers into believing they're genuine resources.
In this case, the names of the packages do not mimic other projects but seek to convince they come with reliable, risk-free code.

The detection rates for all three executables used in this attack are quite low, ranging between 4.5% and 13.5%, allowing the malicious files to evade detection from multiple security agents that may be running on the victim host.
Click to expand...

Fortinet: Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

By Jin Lee - January 14, 2023
The FortiGuard Labs team has discovered a new 0-day attack embedded in three PyPI packages (Python Package Index) called ‘colorslib’, ‘httpslib’, and “libhttps”. They were found on January 10, 2023, by monitoring an open-source ecosystem. The Python packages “colorslib” and “httpslib” were published on January 7, 2023, and “libhttps” was published on January 12, 2023. All three were published by the same author, ‘Lolip0p’, as shown in the official PyPI repository. ‘Lolip0p’ joined the repository close to the publish date.
Click to expand...

guest · Jan 18, 2023

mood said: ↑

Malicious ‘Lolip0p’ PyPi packages install info-stealing malware
By Bill Toulas @billtoulas - January 16, 2023

Fortinet: Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”
Click to expand...

PyPI Users Targeted With 'Wacatac' Trojan in New Supply Chain Attack
By Ionut Arghire - January 17, 2023

Fortinet warns of three new malicious PyPI packages containing code designed to fetch the Wacatac trojan and information stealer as a next stage payload.
Click to expand...

The three Python packages, ‘colorslib’, ‘httpslib’ and ‘libhttps’ were uploaded to PyPI (Python Package Index) on January 7 and January 12.
The Python packages feature legitimate-looking descriptions, meant to trick users into believing they are clean. However, Fortinet discovered that all versions of these packages are, in fact, malicious.

Both the binary and one of the executables it fetches (SearchProtocolHost.exe) are flagged by several antivirus tools as ‘Wacatac’, a trojan and information stealer that targets login credentials, banking information, and other sensitive information.
Click to expand...

Wacatac can also be used to deploy additional malware on the victim’s machine, including ransomware, and perform other “actions of a malicious hacker's choice”, according to Microsoft.

“Python end users should always perform due diligence before downloading and running any packages, especially from new authors. And as can be seen, publishing more than one package in a short time period is no indication that an author is reliable,” Fortinet concludes.
Click to expand...

Log in or Sign up

Python Package Installation Can Trigger Malicious Code

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Log in or Sign up

Python Package Installation Can Trigger Malicious Code

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

Useful Searches