Danger in the Python Package Index: Malicious Code Lurking in PyPI

While concerning, this attack vector also provides an opportunity to reinforce best practices around vetting and reviewing dependencies in Python and other languages. The key is applying lessons learned to mitigate risk without losing the incredible value of open source.

Details of Malicious Packages

Security researchers discovered three malicious Python packages that were uploaded to PyPI, the official third-party software repository for the Python programming language. The malicious packages were:

• python3-dateutil - This package contained a reverse shell module that allowed remote command execution. Once installed, it could enable attackers to gain full control over the victim's system.

• jeIlyfish - This misspelled package masqueraded as a legitimate jellyfish library. It exported a leet function that could execute system commands.

• pillow-simd - This package spoofed the real pillow-simd image library. It exported a primals module that enabled remote code execution.

If installed, all three packages leveraged Python's extensive capabilities and third-party ecosystem to carry out malicious actions. They posed a serious threat to Python developers and systems running Python applications.

Infection Vector

The infection began by compromising PyPI accounts belonging to legitimate developers. The threat actors uploaded malicious versions of legitimate packages, often using confusingly similar package names.

For example, one malicious package was called "qrcode" compared to the legitimate "qrcode[all]" package. The extra "[all]" was left off to appear as the original.

Once published on PyPI, the malicious packages spread quickly. Developers frequently use pip or poetry for dependency management in Python projects. When dependencies are installed, pip pulls packages from PyPI automatically.

So any project that listed the compromised packages as dependencies resulted in the malware being installed. This allowed the malicious code to propagate rapidly to end-users via PyPI before being detected.

The supply-chain style attack through a trusted platform like PyPI demonstrates how dangerous typosquatting and social engineering can be in open source. It also served as a wake-up call to vet dependencies and practice defense in depth.

Developer Accounts Compromised

The report details how the threat actors could compromise legitimate developer accounts on PyPI to distribute their malicious packages. Once the developer accounts were compromised, the attackers could publish malicious versions of legitimate packages and distribute malware to unsuspecting users.

Some of the common techniques used to compromise developer accounts included phishing, password spraying, and exploiting previously disclosed vulnerabilities. The report found that compromised credentials were likely obtained through various data breaches over the years and then leveraged in credential-stuffing attacks.

This highlights the importance of using strong, unique passwords across all accounts and enabling two-factor authentication wherever possible. Developers must also protect their accounts and respond quickly to suspicious activity.

The report is an important reminder that the open-source software supply chain faces risks. Malicious actors actively seek ways to distribute malware by compromising infrastructure and developer accounts. The infosec community needs to continue working on improving the open-source ecosystem's security.

What Are the Implications for Open Source?

The compromised Python packages on PyPI underscore serious concerns about the open-source software supply chain. Millions of developers rely upon open-source repositories like PyPI and npm daily. The ability of threat actors to insert malicious code into critical open-source libraries creates massive risks.

Once tainted code enters an open-source repo, it can spread exponentially fast. Downstream dependencies and products inheriting the bad code can infect countless applications and systems. Compromised developer accounts further amplify the attack surface and blast radius. This enables threat actors to target various industries and organizations under the radar.

The incident reveals glaring vulnerabilities in the open-source ecosystem, especially regarding identity assurance. Without sufficient safeguards, attackers can easily impersonate and commandeer legitimate developer accounts. More rigorous identity proofing and verification controls are needed to secure software repositories.

Open source maintainers must also improve proactive security to detect anomalous and suspicious check-ins. Repositories should leverage threat intelligence, behavioral analysis, sandbox environments, and automated code scanning. While open source delivers immense value, we must reinforce its security foundations.

Detection and Protection

Detecting and protecting against malicious Python packages requires vigilance on multiple fronts.

At the developer level, use multi-factor authentication for PyPI and GitHub accounts to prevent account takeovers. Monitor account activity closely through notifications and audit logging to identify any unusual or unauthorized actions.

Secure software development practices like code reviews and static analysis are established for organizations to catch malicious code before deployment. Perform malware scans on dependencies before use in production applications. Limit what base images and packages can be used to only trusted sources.

System administrators should employ endpoint detection solutions that watch for suspicious Python process behavior like network calls, filesystem changes, and execution of OS commands. Monitor systems for unexpected or unnecessary Python packages being installed.

Network security teams can analyze traffic to and from PyPI for command and control or data exfiltration patterns. Detect outbound encrypted connections from Python processes to unknown destinations.

Security operations centers should create threat intel feeds of malicious packages, accounts, and infrastructure to block. Have incident response plans ready for supply chain attacks through Python dependencies.

For all Python users, only install packages from reliable sources and developers. Check user reviews and the maturity of packages before using. Run updates frequently and monitor Python-related security announcements. Practice defense in depth to limit damage from any single compromise.

Multiple layers of protection at the development, organizational, network, and endpoint levels can significantly reduce the threat from malicious Python packages. However, continued vigilance and collaboration across the open-source community are key to identifying and responding to new supply chain attacks.

Lessons Learned

The recent discovery of malicious Python packages being distributed through PyPI is an important reminder of the need for diligence when consuming and publishing open-source software. There are several key takeaways from this incident that both developers and users of open source should keep in mind going forward:

• Trust but verify. While the open-source community prides itself on transparency and trust, incidents like this demonstrate that attackers are finding ways to exploit that trust. Consumers of open-source packages should use tools to scan for vulnerabilities or malware before deploying and be cautious about immediately updating to the latest version without fully verifying the changes.

• Developer credentials matter. The compromised developer accounts used in this attack had existed for years and built up a reputation of trustworthiness. Developers should be extremely protective of their credentials for publishing open-source packages and enable multifactor authentication wherever possible.

• Monitor dependencies. The malicious packages in this incident were dependencies used by other legitimate projects. Keeping track of all dependencies used in a project and watching for vulnerabilities or suspicious changes helps mitigate risk.

• Defense in depth. No single solution will fully protect against threats like compromised packages. Combining scanning tools, dependency monitoring, credential protection, and code audits makes open-source use more secure and resilient.

This incident is a reminder to remain vigilant about security, even when using reputable open-source libraries. However, staying informed and combining proactive measures can help defend open-source projects and users against emerging threats.

Prevention Strategies

The open-source community must come together to implement better security practices in order to prevent similar supply chain attacks targeting PyPI and other package repositories in the future.

First, two-factor authentication should be required for all developer accounts that can publish packages. This would prevent malicious actors from easily hijacking legitimate accounts.

In addition, package repositories need to implement code scanning to detect malware or suspicious activity. Machine learning could be leveraged to automatically flag anomalous publishing patterns or new packages from dormant accounts.

Developers should also leverage tools like virtualenv and containerization to isolate their Python environments. This would limit the blast radius if a compromised package is installed.

Finally, end users should only install packages from trusted sources and avoid pip installing directly from PyPI in production environments. Organizations should have a vetting process for evaluating open-source software dependencies.

With increased vigilance and proactive security measures, the open-source community can reduce the risk of supply chain attacks that could undermine the integrity of critical software ecosystems. However, it requires a coordinated effort among all stakeholders.

Final Thoughts on Python Security

This report highlights the growing threat of malware being distributed through open-source repositories like PyPI.

Although concerning, this type of attack is not entirely surprising given the popularity and ubiquity of Python packages and open source in general. As more developers rely on downloading and integrating third-party code, there is increased vulnerability if proper security practices are not followed.

For organizations, some key takeaways include being vigilant about vetting and scanning any Python packages before use in production systems. Monitoring account activity is also critical to detect any potential compromises early on. Multi-factor authentication should be required for all accounts that allow uploading to repositories.

For individual developers, enabling 2FA, using unique passwords, and being cautious about third-party contributions can help reduce risk. It's also important to be selective about sharing account credentials across projects and teams.

Overall, Open Source allows developers to build faster by standing on the shoulders of others. But inherent in this free exchange of code is the risk of introducing vulnerabilities, whether intentionally through malware or unintentionally. As the adoption of platforms like PyPI continues to grow, all stakeholders must remain proactive about security to minimize attacks. With greater awareness and collective responsibility, the benefits of open source can continue to outweigh the risks.