Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.
The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog:
- importantpackage / important-package
- 10Cent10 / 10Cent11
Two of the packages (“importantpackage,” “10Cent10,” and their variants) were found obtaining a reverse shell on the compromised machine, giving the attacker full control over an infected machine. Two other packages “ipboards” and “trrfab” masqueraded as legitimate dependencies designed to be automatically imported by taking advantage of a technique called dependency confusion or namespace confusion.
Unlike typosquatting attacks, where a malicious actor deliberately publishes packages with misspelled names of popular variants, dependency confusion works by uploading poisoned components with names that are the same as the legitimate internal private packages, but with a higher version and uploaded to public repositories, effectively forcing the target’s package manager to download and install the malicious module.
The dependency “importantpackage” also stands out for its novel exfiltration mechanism to evade network-based detection, which involves using Fastly’s content delivery network (CDN) to mask its communications with the attacker-controlled server as communication with pypi[.]org.
The malicious code “causes an HTTPS request to be sent to pypi.python[.]org (which is indistinguishable from a legitimate request to PyPI), which later gets rerouted by the CDN as an HTTP request to the [command-and-control] server,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe explained in a report published Thursday.
Lastly, both “ipboards” and a fifth package named “pptest” were discovered using DNS tunneling as a data exfiltration method by relying on DNS requests as a channel for communication between the victim machine and the remote server. JFrog said it’s the first time the technique has been spotted in malware uploaded to PyPI.
“Package managers are a growing and powerful vector for the unintentional installation of malicious code, and […] attackers are getting more sophisticated in their approach,” said Menashe, JFrog’s senior director of research. “The advanced evasion techniques used in these malware packages, such as novel exfiltration or even DNS tunneling signal a disturbing trend that attackers are becoming stealthier in their attacks on open-source software.”
Indeed, after at least three NPM developer accounts were compromised by bad actors to insert malicious code into popular packages “ua-parser-js,” “coa,“ and “rc,” GitHub earlier this week outlined plans to tighten the security of the NPM registry by requiring two-factor authentication (2FA) for maintainers and admins starting in the first quarter of 2022.
The development also comes as the software development and version control platform disclosed that it addressed multiple flaws in the NPM registry that could have leaked the names of private packages and allowed attackers to bypass authentication and publish versions of any package without requiring any authorisation.