A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language.
Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects. Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.
Researchers at Sonatype found six different malicious packages hiding in PyPI, which have a collective 5,000 downloads, all uploaded by a user with the handle “nedog123,” according to a Tuesday blog post.
These consist of a main package called “maratlib,” along with five others that use maratlib as a component: maratlib1; matplatlib-plus; mllearnlib; mplatlib and learninglib.
“Also, some of these packages are typosquats, or programs that are expected to be grabbed by people accidentally typing in the wrong name,” wrote Sontaype researcher Ax Sharma in the posting. “For example, the counterfeit mplatlib and matplatlib-plus are named after the legitimate Python plotting software [called] matplotlib.”
The maratlib Malicious Python Package
In all of the packages, the malicious code is contained in a build script that runs during a package’s installation, dubbed “setup.py.” This file downloads and runs a Bash script from GitHub.
The Bash scripts run cryptominers on compromised machines, including one dubbed “Ubqminer,” and the open-source cryptomining program known as T-Rex. The former mines for UBIQ coins, while the latter uses NVIDIA GPU processors to mine for Ethereum.
“Once again, this particular discovery is a further indication that developers are the new target for adversaries over the software they write,” Sharma said. “These PyPI packages have been lurking on the repository for months, targeting developer systems with the goal of turning them into cryptominers.”
Sonatype said that it notified PyPI of the packages, which, according to a site search by Threatpost, appear to have been taken down. It’s unclear how many active projects contain the malicious code, however, so the threat persists.
“This is a systemic threat, and it needs to be actively addressed on several layers, both by the maintainers of software repositories and by the developers,” explained Ilya Khivrich, chief scientist with Vdoo, via email. “On the developers’ side, preventive measures such as verification of library signatures and employing automated tools to scan for hints of suspicious code included in the project should be included in the CI/CD pipeline.”
The threat actor could crop up again using aliases, of course. In examining the URLs serving the scripts, Sharma kept receiving 404 (not found) errors, but eventually discovered an updated alias for the original “nedog123” user: “maratoff.”
“The commit IDs associated with update/deletion of these scripts found on GitHub mirrors that mentioned alias nedog123, matched the commits in maratoff’s repository,” he explained. “Also, the newer maratoff repo contains files referencing the deleted nedog123 alias.”
Developers: The New Supply-Chain Target for Malware
As Sharma pointed out, this latest discovery is part of a growing trend of malware infesting software repositories as part of next-gen supply-chain attacks, including recent copycat packages targeting well-known tech companies.
In the latter case, malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow (among others) were found in March, lurking inside the npm public code repository. All of them exfiltrated sensitive information.
The packages weaponized an earlier proof-of-concept (PoC) code dependency-confusion exploit devised by security researcher Alex Birsan to inject rogue code into developer projects.
Also in March, the PHP project found that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. Fortunately, they were discovered before they went into production.
In January, three malicious software packages were published to npm, a code repository for JavaScript developers, which had the ability to steal tokens and other information from Discord users.
Also recently, RubyGems, an open-source package repository and manager for the Ruby web programming language, took two of its software packages offline after they were found to be laced with Bitcoin-stealing malware.
“The complexity of modern software development processes and their reliance on large community-maintained codebases introduces a risk for developers to inadvertently include malicious code into the project,” said Vdoo’s Khivrich. “The implications can be severe — in many cases it will be a complete takeover of the developed program or device by an attacker.”
Join Threatpost for “Tips and Tactics for Better Threat Hunting” — a LIVE event on Wed., June 30 at 2:00 PM ET in partnership with Palo Alto Networks. Learn from Palo Alto’s Unit 42 experts the best way to hunt down threats and how to use automation to help. Register HERE for free!