According to the operators of the Python Package Index (PyPI), 11 Python libraries have been removed from the portal.
According to the security team at JFrog, the DevOps platform that discovered this malicious library, 11 packages had been downloaded and installed over 30,000 times before the package was discovered.
It also appears that these packages were not developed by the same author, and each package contained slightly different behaviors and methods for exploiting data from infected systems, as shown in the table below.
| Package | # of downloads | Automated detection indicators | Description |
|---|---|---|---|
| importantpackage important-package | 6305 12897 | Shell process with obfuscated input | Hidden connectback shell to psec.forward.io.global.prod.fastly.net, using the trevorc2 client |
| pptest | 10001 | Suspicious version² | Uses DNS to send hostname+'|'+os.getcwd()+'|'+str(self.get_wan_ip())+'|'+local_ip_str |
| ipboards | 946 | Sensitive file handling Suspicious version | Dependency confusion, sends user info (username, hostname) via DNS tunneling to b0a0374cd1cb4305002e.d.requestbin.net |
| owlmoon | 3285 | eval with obfuscated input | Discord token stealer trojan. Sends tokens to https://discord.com/api/webhooks/875931932360331294/wA0rLs3xX_2JgqlfqEfpYoL9zer_Qs7hpsMbwaDl6-UByE_ZRHiXm0t1lr-o_3RFBqBR |
| DiscordSafety | 557 | exec with obfuscated input | Discord token stealer trojan. Sends tokens to https://tornadodomain.000webhostapp.com/stlr.php?token= |
| trrfab | 287 | Sensitive file handling Suspicious version | Dependency confusion, sends user info (id, hostname, /etc/passwd, /etc/hosts, /home) to yxznlysc47wvrb9r9z211e1jbah15q.burpcollaborator.net |
| 10Cent10 10Cent11 | 490 490 | Shell spawning Suspicious version | Connectback shell to hardcoded address 104.248.19.57 |
| yandex-yt | 4183 | Suspicious version | Prints pwned message and directs to https://nda.ya.ru/t/iHLfdCYw3jCVQZ, could be a malicious domain (currently seems inactive) |
| yiffparty | 1859 | eval with obfuscated input | Discord token stealer trojan. Sends tokens to https://discord.com/api/webhooks/875931932360331294/wA0rLs3xX_2JgqlfqEfpYoL9zer_Qs7hpsMbwaDl6-UByE_ZRHiXm0t1lr-o_3RFBqBR |
As is clear from the table above, 10 of the 11 packages were clearly malicious. One package, named “yandex-yt”, could easily be a distribution channel for malware.
This is a technique where an attacker registers a package with a name that may be in use within a closed enterprise network, and anticipates that the public package will be pulled when the enterprise package is removed and the dependency tree is not updated.
JFrog researchers have published a detailed analysis of each of the 11 malicious PyPI packages they have discovered.
Comments