
Malicious Python Packages Target Developers Using AI Tools

The rise of generative AI (GenAI) tools such as OpenAI's ChatGPT and Anthropic's Claude has created opportunities for attackers to exploit unsuspecting developers. Recently, two Python packages that falsely claimed to provide free API access to these chatbot platforms were found delivering malware known as "JarkaStealer" to their victims.


Exploiting Developers’ Interest in AI

Free and free-ish generative AI platforms are gaining popularity, but most of their advanced features cost money. This leads some developers to look for free alternatives, often without checking where the code actually comes from. Cybercrime follows trends, and the current trend is malicious code inserted into open-source packages that, at least at first glance, appear legitimate.

As George Apostolopoulos, a founding engineer at Endor Labs, describes, attackers target less cautious developers lured by free access to popular AI tools. "Many people don't know better and fall for these offers," he says.


The Harmful Python Packages

Two malicious Python packages, "gptplus" and "claudeai-eng," were uploaded to the Python Package Index (PyPI), one of the official repositories of open-source Python projects. Published under the user name "Xeroline," they promised API integrations with OpenAI's GPT-4 Turbo model and Anthropic's Claude chatbot.

While the packages appeared to work by connecting users to a demo version of ChatGPT, their true functionality was far nastier: the code also dropped a Java archive (JAR) file that delivered the JarkaStealer malware onto unsuspecting victims' systems.


What Is JarkaStealer?

JarkaStealer is an infostealer designed to extract sensitive information from infected systems. It has been sold on the dark web for as little as $20, with more elaborate features available for a few dollars more. It steals browser data and session tokens along with credentials for apps such as Telegram, Discord, and Steam, and it can also take screenshots of the victim's system, which often reveal sensitive information.

Though the malware's effectiveness is highly uncertain, it is cheap and readily available enough to be an attractive tool for many attackers. Its source code is even freely accessible on platforms such as GitHub, giving it an even wider reach.


Lessons for Developers

This incident highlights the risks of downloading unverified open-source packages, all the more so when working with emerging technologies such as AI. Development firms should vet all software sources and avoid shortcuts that promise free access to premium tools. Such precautions can save individuals and organizations from becoming victims of attacks like this one.

By exercising caution and following best practices, developers can protect themselves from malicious actors taking advantage of the GenAI boom.

Japan Blames Lazarus for PyPI Supply Chain Attack


Japanese cybersecurity officials have issued a warning that North Korea's infamous Lazarus hacking group recently launched a supply chain attack on PyPI, the software repository for Python packages.

The threat actors distributed poisoned packages with names such as "pycryptoenv" and "pycryptoconf," which resemble the legitimate "pycrypto" encryption tools for Python. Developers who are duped into installing the malicious packages on their Windows workstations are infected with a serious Trojan called "Comebacker."

"The malicious Python packages confirmed this time have been downloaded approximately 300 to 1,200 times," Japan CERT noted in a warning issued late last month. "Attackers may be targeting users' typos to have the malware downloaded."

Comebacker is a general-purpose Trojan that can be used to deliver ransomware, steal passwords, and infiltrate the development pipeline, according to Dale Gardner, analyst and senior director at Gartner.

The Trojan has been used in multiple attacks linked to North Korea, including one against an npm software development repository.
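The typo-targeting described above can be caught before `pip install` ever runs. The following pre-install check is an added example, not code from Japan CERT or from the article; it compares requested package names against a constructed allow-list of packages a team really depends on, using PEP 503 name normalisation, edit distance, and a prefix/suffix test (which is what catches "pycryptoenv" against "pycrypto"). The allow-list and the requested names are assumptions made up for the demo.

```python
# Added example (not from the article): a pre-install check that flags requested
# package names which look like typosquats of packages a team actually uses.
# The known-package list and the requested names are constructed for this demo.
import re

# Constructed allow-list: names the team really depends on.
KNOWN_PACKAGES = {"pycrypto", "pycryptodome", "requests", "numpy", "cryptography"}


def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete
                           cur[j - 1] + 1,              # insert
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def typosquat_candidates(requested: str, known=KNOWN_PACKAGES, max_dist=2):
    """Return a sorted list of (known_name, reason) pairs the request resembles.

    An exact (normalised) match returns [] because it is the real package.
    """
    req = normalize(requested)
    hits = []
    for k in known:
        kn = normalize(k)
        if req == kn:
            return []
        dist = levenshtein(req, kn)
        if dist <= max_dist:
            hits.append((k, f"edit distance {dist} from known name"))
        elif req.startswith(kn) or kn.startswith(req):
            hits.append((k, "known name with a prefix/suffix added or removed"))
    return sorted(hits)


def check_requirements(names, known=KNOWN_PACKAGES):
    """Map each suspicious requested name to its candidate look-alikes."""
    report = {}
    for n in names:
        cands = typosquat_candidates(n, known)
        if cands:
            report[n] = cands
    return report


if __name__ == "__main__":
    # Constructed request list mixing real and look-alike names.
    for name, cands in check_requirements(
            ["pycryptoenv", "pycryptoconf", "requets", "numpy"]).items():
        print(f"{name!r} looks like: {cands}")
```

Run it as a gate in CI before dependencies are resolved; anything reported should be confirmed by a human against the intended package page, since a legitimate fork or plugin can also share a prefix with a known name.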

Impacting Asian Developers

Since PyPI is a centralised service with a global reach, developers worldwide should be aware of the most recent Lazarus Group campaign. 

"This attack isn't something that would affect only developers in Japan and nearby regions," Gardner explains. "It's something for which developers everywhere should be on guard." 

Several experts believe non-native English speakers may be more vulnerable to the Lazarus Group's most recent attack. Due to communication issues and limited access to security information, the attack "may disproportionately impact developers in Asia," stated Taimur Ijlal, a tech specialist and information security leader at Netify. 

According to Academic Influence's research director, Jed Macosko, app development groups in East Asia "tend to be more tightly integrated than in other parts of the world due to shared technologies, platforms, and linguistic commonalities." He believes intruders may be looking to take advantage of regional ties and "trusted relationships." 

Small and startup software businesses in Asia often have lower security budgets than their Western counterparts, according to Macosko. "This means weaker processes, tools, and incident response capabilities — making infiltration and persistence more attainable goals for sophisticated threat actors."

Cyber Defence

Protecting application developers from software supply chain threats is "difficult and generally requires a number of strategies and tactics," Gartner's Gardner explained. 

Developers should use extra caution and care while downloading open source dependencies. Given the amount of open source used today and the pressures of fast-paced development environments, it's easy for even a well-trained and vigilant developer to make a mistake, Gardner added. 

Gardner recommends using software composition analysis (SCA) tools to evaluate dependencies and detect fakes or legitimate packages that have been compromised. He also suggests "proactively testing packages for the presence of malicious code" and validating packages using package managers to minimise risk.

11 Malicious Python Packages Uncovered by Researchers


Researchers have found 11 malicious Python packages, installed more than 41,000 times from the Python Package Index (PyPI) repository, that could be used to steal Discord access tokens and passwords and even stage dependency confusion attacks.

These Python packages have since been withdrawn from the repository following JFrog's responsible disclosure:
  • importantpackage / important-package
  • pptest
  • ipboards
  • owlmoon
  • DiscordSafety
  • trrfab
  • 10Cent10 / 10Cent11
  • yandex-yt
  • yiffparty

Two of the packages ("importantpackage," "10Cent10," and their variants) were found to open a reverse shell on the compromised system, granting the attacker full control over the affected machine. Two further packages, "ipboards" and "trrfab," masqueraded as legitimate dependencies meant to be imported automatically, using a technique known as dependency confusion or namespace confusion.

Unlike typosquatting attacks, in which a threat actor deliberately publishes packages whose names are misspellings of popular ones, dependency confusion works by publishing poisoned packages to public repositories under the same names as an organisation's legitimate internal private packages, but with a higher version number, effectively forcing the target's package manager to download and install the malicious module.
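The mechanism in the paragraph above, and a check for it, as an added example that is not part of JFrog's report: a resolver that treats the public index as an extra source on top of a private one simply takes the highest version it can find, so a public package with a bigger version number shadows the internal one. The two index snapshots, the package names and the version parser (dotted integers only, a deliberate subset of PEP 440) are all constructed assumptions for the demo.

```python
# Added example, not code from the JFrog report: shows why a resolver that merges
# a public index with a private one picks the attacker's package, and how to spot
# the exposure beforehand. Both index snapshots below are constructed.
import re


def normalize(name: str) -> str:
    """PEP 503 name normalisation so 'acme_billing' and 'acme-billing' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str):
    """Simplified version parsing: dotted integers only (a PEP 440 subset)."""
    return tuple(int(p) for p in v.split("."))


# Constructed snapshot of the organisation's private index.
INTERNAL_INDEX = {
    "acme-auth": ["1.4.0", "1.5.2"],
    "acme_billing": ["0.9.1"],
    "acme-tools": ["2.0.0"],
}
# Constructed snapshot of what a public index holds under those names.
PUBLIC_INDEX = {
    "acme-auth": ["99.0.0"],      # higher than anything internal: shadows it
    "acme-billing": ["0.9.1"],    # same version: still a collision worth knowing
    "requests": ["2.31.0"],
}


def _lookup(index, name):
    key = normalize(name)
    for n, versions in index.items():
        if normalize(n) == key:
            return versions
    return None


def resolve_merged(name, internal=INTERNAL_INDEX, public=PUBLIC_INDEX):
    """Behaviour of 'private index plus public index as an extra source':
    the highest version from either side wins, whatever its origin."""
    best = None
    for source, index in (("internal", internal), ("public", public)):
        for v in _lookup(index, name) or []:
            if best is None or parse_version(v) > parse_version(best[1]):
                best = (source, v)
    return best


def resolve_private_only(name, internal=INTERNAL_INDEX):
    """Behaviour when the resolver is pointed solely at the private index."""
    versions = _lookup(internal, name)
    return ("internal", max(versions, key=parse_version)) if versions else None


def dependency_confusion_risks(internal=INTERNAL_INDEX, public=PUBLIC_INDEX):
    """Report every internal name that also exists publicly, and whether the
    public copy would outrank the internal one."""
    risks = {}
    for name, versions in internal.items():
        pub = _lookup(public, name)
        if pub is None:
            continue
        if max(map(parse_version, pub)) > max(map(parse_version, versions)):
            risks[name] = "shadowed: public version outranks internal"
        else:
            risks[name] = "name collision: public package exists with same name"
    return risks
```

With pip, the merged behaviour corresponds to configuring the private server via `--extra-index-url` while the default public index stays active; pointing `--index-url` at a private mirror that proxies only approved packages, and pinning hashes in requirements, removes the public index from the decision. Reserving the organisation's package names on the public index is the other common mitigation, and the risk report above lists exactly the names that need it.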

The "importantpackage" dependency is particularly notable for its novel network-based detection evasion technique, which abuses Fastly's content delivery network (CDN) to disguise connections to the attacker-controlled server as interactions with pypi[.]org.

The malicious code "causes an HTTPS request to be sent to pypi.python[.]org (which is indistinguishable from a legitimate request to PyPI), which later gets rerouted by the CDN as an HTTP request to the [command-and-control] server," JFrog researchers Andrey Polkovnychenko and Shachar Menashe noted. 

Finally, both "ipboards" and a fifth package, "pptest," were found to use DNS tunneling as a data exfiltration technique, relying on DNS requests as the communication channel between the victim machine and the remote server. According to JFrog, this is the first time the approach has been seen in malware uploaded to PyPI.
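DNS tunnelling of the kind described above leaves a recognisable trace in resolver logs: many distinct, long, high-entropy subdomains sent by one client to one domain. The detector below is an added example, not part of JFrog's write-up; it scores each query name and then counts distinct suspicious names per (client, registered domain). The log format, the client addresses, the `exfil-demo.invalid` domain and the thresholds are constructed assumptions, and "registered domain" is approximated as the last two labels rather than via the public suffix list.

```python
# Added example, not part of the JFrog write-up: a heuristic detector for DNS
# tunnelling in resolver logs. It scores each query name on subdomain length and
# character entropy, then counts how many distinct suspicious names a client sent
# to one registered domain. The log lines below are constructed.
import math
from collections import defaultdict

# Constructed resolver log, one "<client> <qname>" per line.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 api.github.com
10.0.0.7 4a6f686e2c2070617373776f7264.exfil-demo.invalid
10.0.0.7 3d20687b7ca63b2d9ce65c11.exfil-demo.invalid
10.0.0.7 6b9f2d4e7a8c1b3d5e6f7a8b.exfil-demo.invalid
10.0.0.7 9c8b7a6f5e4d3c2b1a0f9e8d.exfil-demo.invalid
10.0.0.5 mail.example.com
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded data scores higher than words."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_query(qname: str):
    """Return (subdomain, registered_domain). Simplification: the registered
    domain is taken as the last two labels (no public suffix list)."""
    parts = qname.rstrip(".").split(".")
    return ".".join(parts[:-2]), ".".join(parts[-2:])


def score_query(qname: str, min_len=20, min_entropy=3.0):
    """List the reasons a single query name looks like a tunnelling chunk."""
    sub, _ = split_query(qname)
    reasons = []
    if len(sub) >= min_len:
        reasons.append("long subdomain")
    if shannon_entropy(sub) >= min_entropy:
        reasons.append("high entropy")
    return reasons


def find_tunnel_suspects(log: str, min_unique=3):
    """Map (client, domain) -> number of distinct suspicious names, keeping only
    pairs that exceed min_unique; a single odd name is not evidence."""
    seen = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        if score_query(qname):
            _, domain = split_query(qname)
            seen[(client, domain)].add(qname)
    return {k: len(v) for k, v in seen.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for (client, domain), count in find_tunnel_suspects(SAMPLE_LOG).items():
        print(f"{client} -> {domain}: {count} distinct suspicious queries")
```

Tune the thresholds against your own baseline: CDN and anti-malware vendors also generate long, hashed-looking labels, so in production the (client, domain) pairs reported here are a starting point for an allow-list rather than an alert on their own.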

Targeting prominent code registries such as the Node Package Manager (npm) JavaScript registry, PyPI, and RubyGems has become routine, opening up a new arena for a variety of attacks.

"Package managers are a growing and powerful vector for the unintentional installation of malicious code, and […] attackers are getting more sophisticated in their approach," said Menashe, JFrog's senior director of research. "The advanced evasion techniques used in these malware packages, such as novel exfiltration or even DNS tunneling signal a disturbing trend that attackers are becoming stealthier in their attacks on open-source software."

'mitmproxy2' Removed by PyPI due to Code Execution Issues


A Python package called 'mitmproxy2' was pulled from the PyPI repository because it was a replica of the official "mitmproxy" library, but with an "artificially introduced" code execution flaw.

The official 'mitmproxy' Python library is a free and open-source interactive HTTPS proxy that gets over 40,000 weekly downloads.

Mitmproxy is an open-source proxy program that uses a man-in-the-middle (MITM) technique to monitor HTTP and HTTPS connections between any HTTP(S) client (such as a mobile or desktop browser) and a web server.

On 11 October, Maximilian Hils, one of the developers of the 'mitmproxy' Python library, drew attention to a fake 'mitmproxy2' package submitted to PyPI. "mitmproxy2" is nearly "the same as regular mitmproxy, but with an artificial RCE vulnerability included."

As Hils told Bleeping Computer, his biggest worry is that some software developers would mistake 'mitmproxy2' for a newer version of 'mitmproxy,' resulting in vulnerable code being accidentally included in their products. Hils came across the imitation package by "happy little accident" while investigating an unrelated PyPI warehouse problem.

"When you run mitmproxy's web interface, we expose an HTTP API for that. If you remove all safeguards from that API, everyone on the same network can execute code on your machine with a single HTTP request," Hils told Bleeping Computer in an email interview. 

It is also unclear whether the person who released the copycat 'mitmproxy2' package did so with malicious intent or simply through poor coding practice. It would have been much easier to just include some harmful code that executes immediately upon installation.

However, the concern is that if someone uploads it to PyPI as 'mitmproxy2' with a version number suggesting it is newer or supersedes the original, users will download it without realising what has changed.

While investigating 'mitmproxy2,' BleepingComputer noticed that a new package called 'mitmproxy-iframe' had also arrived on the PyPI repository less than a day after 'mitmproxy2' was deleted. 

Since anyone can upload packages to open-source ecosystems, threats and attacks such as malware injection, typosquatting, brandjacking, and dependency confusion have increased significantly in recent years.

Such "whack-a-mole" problems will keep repeating themselves unless open-source registries implement actual validation.

JFrog Exposes Code Injection Vulnerability Affecting Yamale Python Package


Security researchers at JFrog have recently exposed a code injection vulnerability in Yamale, a schema validator for YAML, that could easily be exploited by an attacker to execute arbitrary Python code.

The issue, tracked as CVE-2021-38305 (CVSS score: 7.8), allows attackers to circumvent existing protections and execute arbitrary Python code via the schema file provided as input to Yamale, JFrog's security researchers explained.

Yamale is a Python package that lets users validate YAML (a data serialization language commonly used for configuration files) from the command line. The popular package is used by at least 224 repositories on GitHub.

"This gap allows attackers that can provide an input schema file to perform Python code injection that leads to code execution with the privileges of the Yamale process. We recommend sanitizing any input going to eval() extensively and — preferably — replacing eval() calls with more specific APIs required for your task," JFrog Security CTO Asaf Karas stated.

According to researchers, the vulnerability has been patched in Yamale version 3.0.8. "This release fixes a bug where a well-formed schema file can execute arbitrary code on the system running Yamale," the developers of Yamale noted.
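The advice quoted above (sanitise anything reaching `eval()`, or better, replace it with a narrower API) is easiest to see on a toy version of the problem. The example below is added here and is not Yamale's code: a made-up schema-constraint parser that takes strings such as `int(min=1, max=10)` from a schema file. The first function shows the vulnerable pattern, `eval()` with a restricted namespace, which still executes whatever expression the interpreter accepts; the second parses the string with the `ast` module and accepts only a whitelisted validator name called with literal keyword arguments. The validator table and constraint syntax are constructed assumptions.

```python
# Added example, not Yamale's code: a toy schema-constraint parser showing the
# class of bug described above (eval() on text read from a schema file) beside a
# hardened parser that accepts only 'validator(key=literal, ...)' expressions.
# The validator names and constraint strings are constructed for this demo.
import ast

# Constructed validator table: name -> callable building a (name, options) record.
VALIDATORS = {
    "int": lambda **kw: ("int", kw),
    "str": lambda **kw: ("str", kw),
    "list": lambda **kw: ("list", kw),
}


def parse_constraint_unsafe(expr: str):
    """Vulnerable pattern: eval() on schema text. Restricting the globals does
    not make this safe; any expression the interpreter accepts gets executed."""
    return eval(expr, {"__builtins__": {}}, dict(VALIDATORS))


def parse_constraint_safe(expr: str):
    """Parse 'name(key=literal, ...)' without executing anything.

    Only a whitelisted validator name may be called, only keyword arguments are
    allowed, and every argument must be a Python literal (ast.literal_eval).
    Anything else raises ValueError instead of running.
    """
    try:
        tree = ast.parse(expr.strip(), mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"not a constraint expression: {expr!r}") from exc
    call = tree.body
    # Must be a direct call of a bare name: rejects attribute access, lambdas,
    # subscripts, comparisons and every other expression shape.
    if not isinstance(call, ast.Call) or not isinstance(call.func, ast.Name):
        raise ValueError(f"constraint must be a plain validator call: {expr!r}")
    name = call.func.id
    if name not in VALIDATORS:
        raise ValueError(f"unknown validator {name!r}")
    if call.args:
        raise ValueError("positional arguments are not allowed")
    options = {}
    for kw in call.keywords:
        if kw.arg is None:  # reject **mapping expansion
            raise ValueError("** expansion is not allowed")
        try:
            options[kw.arg] = ast.literal_eval(kw.value)  # literals only
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"argument {kw.arg!r} must be a literal") from exc
    return VALIDATORS[name](**options)


def is_safe_constraint(expr: str) -> bool:
    """True if the hardened parser accepts the expression."""
    try:
        parse_constraint_safe(expr)
        return True
    except ValueError:
        return False
```

On well-formed constraints both functions return the same record, which is the point: the hardened parser loses no legitimate functionality, it only removes the ability of a schema file to run code. Anything that is not a literal-argument call of a known validator is refused at parse time, so the failure mode is a validation error rather than execution.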

The findings are the latest in a series of security flaws unearthed by JFrog in Python packages. In June 2021, typosquatted packages were identified in the PyPI repository that downloaded and ran third-party cryptominers such as T-Rex, ubqminer, or PhoenixMiner to mine Ethereum and Ubiq on compromised devices.

Soon after, JFrog's security researchers uncovered eight more malicious Python libraries, downloaded over 30,000 times, that could be used to execute code remotely on the targeted device, collect system data, harvest credit card information and passwords saved in the Chrome and Edge browsers, and even steal Discord authentication tokens.

"Software package repositories are becoming a popular target for supply chain attacks and there have been malware attacks on popular repositories like npm, PyPI, and RubyGems," the researchers said. "Sometimes malware packages are allowed to be uploaded to the package repository, giving malicious actors the opportunity to use repositories to distribute viruses and launch successful attacks on both developer and CI/CD machines in the pipeline."

Attackers Use Cryptomining Malware to Target Organizations


Earlier this year, in June, a security researcher from the security firm Sonatype uncovered six malicious packages in the official PyPI repository for the Python programming language that were laced with cryptomining malware.

The attackers used typosquatted names for the malicious packages, which were downloaded more than 5,000 times. All the packages were posted on PyPI by the author "nedog123," some as early as April of this year. The typosquats were meant to trick people into thinking the packages were legitimate and to hide their real purpose: hijacking developer systems for cryptomining.

The PyPI incident is complex because it combines three different kinds of attack: logic bombs, cryptojacking, and software supply chain attacks. The risk posed by these attacks requires immediate action from organizations that want to protect their data.

Logic Bomb Attacks 

A logic bomb, also known as a 'code bomb', 'cyber bomb', or 'slag code', is a malicious piece of code that executes only when specific conditions are met, usually for a malicious purpose. One challenge with logic bomb attacks is that they are stealthy by nature and can go undetected for long periods of time.

Logic bombs vary in form and function from one another, which helps malicious actors plant them in ways victims cannot easily detect. They are used for various purposes, such as stealing data, deleting or corrupting data, locking systems, or launching cryptomining processes.

Cryptojacking 

Cryptojacking is the illicit hijacking of computers, smartphones, or even servers to mine cryptocurrency. Attackers steal bandwidth, compute power and, in the end, financial resources as the victim's hardware works through the calculations needed to mine currency. In fact, the high resource demand, and thus the high cost of cryptomining, is exactly why attackers steal it with cryptomining malware. Threat actors use crypto-malware because its behaviour is hard to predict, and it is also a foot in the door for other kinds of payloads and breaches.

Software supply chain attack

A software supply chain attack is the most common way to target organizations: malicious code is added to third-party software with the aim of compromising the applications that use it. According to the State of the Software Supply Chain report, supply chain attacks have increased by a staggering 650% year-on-year, versus a figure of 430% last year.

“Next-generation software supply chain attacks are far more sinister, because bad actors are no longer waiting for public vulnerability disclosures to pursue an exploit. Instead, they are taking the initiative and injecting new vulnerabilities into open source projects that feed the global supply chain, and then exploiting those vulnerabilities before they are discovered,” the report noted. 

How to mitigate the risks 

Organizations are advised to follow the steps below to protect their data:

• Use trusted antivirus software
• Perform regular OS updates
• Avoid downloading apps from untrusted sources
• Use red team tests to learn how supply chain attacks could play out within your organization and figure out how best to respond
• Blacklist mining sites, pirate software sites, and other sites likely to lead to shady downloads
• Disable JavaScript, if feasible
• Train employees on basic digital safety awareness and practices.