The malware downloaded from PyPI 41,000 times was surprisingly stealth

The malware downloaded from PyPI 41,000 times was surprisingly stealth

PyPI, the open source repository used by organizations large and small to download code libraries, hosted 11 malicious packages that were downloaded more than 41,000 times, in one of the latest such incidents threatening the supply chain of software.

JFrog, a security firm that monitors PyPI and other repositories for malware, said the packages are notable for how long their developers took to disguise their malicious code from network detection. The lengths include a novel mechanism that uses what is known as reverse shell for proxy communications with control servers through the Fastly content distribution network. Another technique is DNS tunneling, something JFrog said it had never seen in malware loaded on PyPI before.

A powerful vector

“Package managers are a powerful and growing vector for the inadvertent installation of malicious code, and as we discovered with these 11 new PyPI packages, attackers are becoming more sophisticated in their approach,” wrote Shachar Menashe, senior director of research. from JFrog, in an email. . “Advanced evasion techniques used on these malware packages, such as novel exfiltration or even DNS tunneling (the first we’ve seen in packets uploaded to PyPI) point to a disturbing trend that attackers are getting more stealthy in their practices. attacks on open source software “.

The researchers said PyPI quickly removed all malicious packages once JFrog reported them.

The use of open source repositories to push malware dates back to at least 2016, when a college student uploaded malicious packages to PyPI, RubyGems, and npm. He gave the packages names that were similar to widely used packages already sent by other users.

In a span of several months, his imposter code was executed more than 45,000 times on more than 17,000 separate domains, and more than half the time his code was given all-powerful administrative rights. Two of the affected domains ended in .mil, an indication that people within the US military may have run your script.

In 2017, the Slovak National Security Authority reported that malicious packages downloaded from PyPI had been embedded in various pieces of production software over the course of three months. Since then, there have been an almost innumerable number of cases of malware that have infiltrated repositories.

In July, JFrog found malicious PyPI packages, downloaded more than 30,000 times, that carried out a variety of nefarious activities, including stealing credit card data and injecting malicious code into infected machines. Earlier this year, a researcher developed a new type of supply chain attack that can have dire consequences. So-called “dependency confusion attacks” work by uploading malicious packages to public code repositories and giving them names that are identical to legitimate packages stored in the internal repository of Microsoft, Apple, or another major software developer. Developers’ software management applications often prefer external code libraries over internal ones, thus downloading and using the malicious package rather than the trusted one.

From attacker to victim via Fastly

Now, these types of attacks are increasingly difficult to detect. The biggest breakthrough in the subterfuge the researchers found was in two packages, one called “Major Package” (or alternatively “Major Package”) and the other called “10Cent10” (or “10Cent11”). The packets use Fastly CDN to disguise communications between the infected machine and a control server.

Malicious code hiding in packets causes an HTTPS request to be sent to in a way that cannot be distinguished from a legitimate request to PyPI. Requests are eventually redirected by Fastly as an HTTP request to the control server The server then sends responses through the same configuration, allowing two-way communication. It quickly makes it easy for people to register their domains in the service. In many cases, registration can even be done anonymously.


JFrog researchers Andrey Polkovnychenko and Menashe explained:

PyPI’s infrastructure is hosted on Fastly CDN. This hosting uses the Varnish Transparent HTTP proxy to cache communication between clients and the backend. Traffic enters a TLS terminator for decryption, so the Varnish proxy can inspect the content of the HTTP packet. The proxy parses the HTTP headers of the user’s request and redirects the request to the corresponding backend according to the Host header. The process then repeats in the reverse direction, allowing the malware to mimic duplex communication with PyPI.

As a result, the command and control (C2) session is encrypted and signed with a legitimate server certificate, making it indistinguishable from communicating with legitimate PyPI resources.

DNS tunneling, the other advanced evasion technique the researchers found, works by using a DNS channel, normally reserved for mapping domain names to IP addresses, to send communications between an infected computer and a control server. DNS tunneling isn’t new, but the researchers said it’s the first time they’ve seen the technique used in malware loaded on PyPI.

The increasing sophistication of malicious code infiltrating PyPI, and presumably other repositories, is an indication that its use to spread malware is likely to continue. Developers who rely on public repositories must take special care to ensure that there are no typos or missing letters in the name of the package they are downloading.

Leave a Reply

Your email address will not be published. Required fields are marked *