Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks.
The Python packages have since been removed from the repository following responsible disclosure by DevOps firm JFrog —
- importantpackage / important-package
- 10Cent10 / 10Cent11
Two of the packages (“importantpackage,” “10Cent10,” and their variants) were found obtaining a reverse shell on the compromised machine, giving the attacker full control over an infected machine. Two other packages “ipboards” and “trrfab” masqueraded as legitimate dependencies designed to be automatically imported by taking advantage of a technique called dependency confusion or namespace confusion.
Unlike typosquatting attacks, where a malicious actor deliberately publishes packages with misspelled names of popular variants, dependency confusion works by uploading poisoned components with names that are the same as the legitimate internal private packages, but with a higher version and uploaded to public repositories, effectively forcing the target’s package manager to download and install the malicious module.
The dependency “importantpackage” also stands out for its novel exfiltration mechanism to evade network-based detection, which involves using Fastly’s content delivery network (CDN) to mask its communications with the attacker-controlled server as communication with pypi[.]org.
The malicious code “causes an HTTPS request to be sent to pypi.python[.]org (which is indistinguishable from a legitimate request to PyPI), which later gets rerouted by the CDN as an HTTP request to the [command-and-control] server,” JFrog researchers Andrey Polkovnychenko and Shachar Menashe explained in a report published Thursday.
images from Hacker News