PYPI package hijack key stroke

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs.

The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down. According to ClickPy statistics, a majority of these downloads came from the United States, China, Russia, and India.

Zebo is a "typical example of malware, with functions designed for surveillance, data exfiltration, and unauthorized control," security researcher Jenna Wang said, adding cometlogger "also shows signs of malicious behavior, including dynamic file manipulation, webhook injection, stealing information, and anti-[virtual machine] checks."

The first of the two packages, zebo, uses obfuscation techniques, such as hex-encoded strings, to conceal the URL of the command-and-control (C2) server it communicates with over HTTP requests.

It also packs in a slew of features to harvest data, including leveraging the pynput library to capture keystrokes and ImageGrab to periodically grab screenshots every hour and save them to a local folder, prior to uploading them to the free image hosting service ImgBB using an API key retrieved from the C2 server.

In addition to exfiltrating sensitive data, the malware sets up persistence on the machine by creating a batch script that launches the Python code and adds it to the Windows Startup folder so that it's automatically executed upon every reboot.

Cometlogger, on the other hand, is a lot of feature-packed, siphoning a wide range of information, including cookies, passwords, tokens, and account-related data from apps such as Discord, Steam, Instagram, X, TikTok, Reddit, Twitch, Spotify, and Roblox.

It's also capable of harvesting system metadata, network and Wi-Fi information, a list of running processes, and clipboard content. Furthermore, it incorporates checks to avoid running in virtualized environments and terminates web browser-related processes to ensure unrestricted file access.

"By asynchronously executing tasks, the script maximizes efficiency, stealing large amounts of data in a short time," Wang said.

"While some features could be part of a legitimate tool, the lack of transparency and suspicious functionality make it unsafe to execute. Always scrutinize code before running it and avoid interacting with scripts from unverified sources."


It's also capable of harvesting system metadata, network and Wi-Fi information, a list of running processes, and clipboard content. Furthermore, it incorporates checks to avoid running in virtualized environments and terminates web browser-related processes to ensure unrestricted file access.

"By asynchronously executing tasks, the script maximizes efficiency, stealing large amounts of data in a short time," Wang said.

"While some features could be part of a legitimate tool, the lack of transparency and suspicious functionality make it unsafe to execute. Always scrutinize code before running it and avoid interacting with scripts from unverified sources."

A new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.

It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in "hundreds of thousands" of malicious package downloads. These susceptible packages have more than 100,000 downloads or have been active for over six months.

"This attack technique involves hijacking PyPI software packages by manipulating the option to re-register them once they're removed from PyPI's index by the original owner," JFrog security researchers Andrey Polkovnychenko and Brian Moussalli said in a report shared with The Hacker News.

At its core, the attack hinges on the fact that Python packages published in the PyPI repository may get removed, making available the names of those deleted projects for registration to any other user.

Statistics shared by JFrog show that about 309 packages are removed each month on average. These could happen for any number of reasons: Lack of maintenance (i.e., abandonware), package getting re-published under a different name, or introducing the same functionality into official libraries or built-in APIs.

This also poses a lucrative attack surface that's more effective than typosquatting and which an attacker, using their own accounts, could exploit to publish malicious packages under the same name and a higher version to infect developer environments.

"The technique does not rely on the victim making a mistake when installing the package," the researchers said, pointing out how Revival Hijack can yield better results from the point of view of an adversary. "Updating a 'once safe' package to its latest version is viewed as a safe operation by many users."

While PyPI does have safeguards in place against author impersonation and typosquatting attempts, JFrog's analysis found that running the "pip list --outdated" command lists the counterfeit package as a new version of the original package, wherein the former corresponds to a different package from an entirely different author.

Even more concerning, running the "pip install –upgrade" command replaces the actual package with the phony one without not so much of a warning that the package's author has changed, potentially exposing unwitting developers to a huge software supply chain risk.

JFrog said it took the step of creating a new PyPI user account called "security_holding" that it used to safely hijack the susceptible packages and replace them with empty placeholders so as to prevent malicious actors from capitalizing on the removed packages.

Additionally, each of these packages has been assigned the version number as 0.0.0.1 – the opposite of a dependency confusion attack scenario – to avoid getting pulled by developers when running a pip upgrade command.

What's more disturbing is that Revival Hijack has already been exploited in the wild, with an unknown threat actor called Jinnis introducing a benign version of a package named "pingdomv3" on March 30, 2024, the same day the original owner (cheneyyan) removed the package from PyPI.

On April 12, 2024, the new developer is said to have released an update containing a Base64-encoded payload that checks for the presence of the "JENKINS_URL" environment variable, and if present, executes an unknown next-stage module retrieved from a remote server.


This suggests that the attackers either delayed the delivery of the attack or designed it to be more targeted, possibly limiting it to a specific IP range," JFrog said.

The new attack is a sign that threat actors are eyeing supply chain attacks on a broader scale by targeting deleted PyPI packages in order to expand the reach of the campaigns. Organizations and developers are recommended to inspect their DevOps pipelines to ensure that they are not installing packages that have been already removed from the repository.

"Using a vulnerable behavior in the handling of removed packages allowed attackers to hijack existing packages, making it possible to install it to the target systems without any changes to the user's workflow," said Moussalli, JFrog Security Research Team Lead.

"The PyPI package attack surface is continually growing. Despite proactive intervention here, users should always stay vigilant and take the necessary precautions to protect themselves and the PyPI community from this hijack technique."




Comments

Post a Comment

Popular posts from this blog

July 2024 Patch Tuesday Unleashes a Torrent of Updates

to a pair of cowboy fighter pilots (ahem, naval aviators) in  Top Gun . Less well known, but still  Alive And Kicking  (like the song released the same year by Simple Minds), the TIFF image file format also was introduced that year by Aldus Corporation, now known as Adobe. This CVE addresses a critical, easily exploitable vulnerability specific to this 38-year-old file format. A specially-crafted, malicious TIFF file, uploaded to a vulnerable server, could have triggered the server that receives the file to execute malicious code embedded in the TIFF file. Patch your servers to take them out of the danger zone. CVE-2024-38032 – Microsoft Xbox Remote Code Execution Vulnerability Users of the Xbox gaming console who also happen to have a wireless adapter, and connect wirelessly to their local network, should beware of strangers lurking on their network who can attack these devices. The (so far) hypothetical threat is that someone who is connected to your wireless network ca...
Read more

CVE-2023-26369 Adobe acrobat update

Adobe's  Patch Tuesday update  for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any additional details about the issue or the targeting involved. "Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company  acknowledged  in an advisor CVE-2023-26369 affects the below versions - Acrobat DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320 Acrobat Reader DC (23.003.20284 ...
Read more

US court holds Israeli spyware liable for hacking Meta’s WhatsApp

Image
Gujarat India NRI News Entertainment Sports Lifestyle & Fashion Health Business World Science & Technology VIDEO GUJARATI E-PAPER SEARCH Gujarat Samachar World US court holds Israeli spyware liable for hacking Meta’s WhatsApp Updated: Dec 22nd, 2024 A US court on Friday held in favour of tech giant WhatsApp in a lawsuit accusing Israel’s NSO Group Technologies Ltd of exploiting a bug in the messaging app to install spy software that allowed unauthorised surveillance. US District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp and found NSO liable for hacking and breach of contract. According to the court document, “WhatsApp filed this lawsuit, alleging that defendants sent malware, using WhatsApp’s system, to approximately 1,400 mobile phones and devices designed to infect those devices to surveil the users of those phones and devices.”  The targets included journalists, human rights activists and dissidents. Among the 1,400 mobile phones th...
Read more