This week we identified malicious Python packages on the PyPI registry that carry out several hostile actions on the host that installs them, including:
- dropping malware
- deleting the “netstat” utility
- tampering with the SSH “authorized_keys” file on your system.
Tracked under sonatype-2023-0810 in our data, these malicious PyPI packages are listed below:
- aptx - 237 downloads*
- bingchilling2 - 70 downloads*
- httops - 39 downloads*
- tkint3rs - 105 downloads*
(*Download stats are provided by pepy.tech and may include downloads initiated by both humans and automated mirrors)
These findings were flagged by Sonatype's automated malware detection system, offered as a part of Nexus Firewall. Our security researcher Oscar Prado further analyzed these packages and reported them to PyPI admins given the evidence of malicious activity.
Named tactfully, and mawkishly
Most of these packages have deliberately chosen names meant to confuse people. For example, “aptx” is Qualcomm’s widely used audio codec, found in a variety of Bluetooth devices. “httops” and “tkint3rs” are intentional misspellings (typosquats) of the “https” protocol name and the “tkinter” Python GUI interface respectively, the latter swapping the “e” for a “3”.
As for bingchilling2, you be the judge.
Taking a look inside “aptx”, for example, we see a simple “setup.py” manifest that appears benign at first glance, with dummy authorship information:
Obfuscated Meterpreter trojan disguised as “pip”
Scrolling past the blank lines we notice the introduction of suspicious code:
The malicious code creates familiar-sounding files in a “.pip” directory under the user’s home. Do not be fooled: this has nothing to do with the Python package installer “pip”. The name is chosen so that the dropped files blend in with a directory a developer would expect to see.
Lines 50 and 54, each containing a Python bytes object written out as hex escapes, reconstruct a Linux ELF binary: a Meterpreter payload generated by the Metasploit framework [VirusTotal analysis]. The binary is stripped and obfuscated, which hinders static analysis. Meterpreter runs in memory and gives the attacker an interactive shell on the infected machine.
Additionally, lines 58-59 attempt to delete the “netstat” utility, the tool an admin would typically reach for to list active connections, routing tables and other network diagnostics, and therefore to spot the payload’s connection back to the attacker. Note that “ss” from iproute2 shows the same information on modern distributions, and an unexpectedly missing netstat binary is itself an indicator worth alerting on.
Further down, the code creates or appends to the “authorized_keys” file in the user’s “.ssh” directory. Adding an attacker-controlled public key there lets the attacker log in over SSH as that user without a password: a persistent backdoor that survives a reboot and does not depend on the Meterpreter process staying alive.
The last few lines of code set the permissions on the “authorized_keys” file (sshd, with StrictModes enabled by default, ignores a key file that is group- or world-writable) and then run the malicious ELF file created previously.
Notice the “try”/“except: pass” blocks throughout the code. A bare except swallows every exception, so if one step fails (no write access to the netstat binary, no “.ssh” directory yet), control quietly proceeds to the next step. It also means the package installs without any visible error, so nothing alerts the user that something went wrong.
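To turn the walkthrough above into a repeatable check, here is a small static triage script written for this article; it is not code from the original post or from the malicious packages. It parses a setup.py with Python's ast module and, without ever executing it, counts bytes literals that begin with the ELF magic, string constants that mention authorized_keys, .ssh, netstat or .pip, calls that spawn processes or delete/chmod files, and except handlers whose body is only pass. The two fixtures are constructed: the “malicious” one mimics the sequence described above with only the ELF magic plus zero padding standing in for the real binary, and the scoring thresholds are this example’s own, not Nexus Firewall’s rules.

```python
"""Static triage of a setup.py for the indicators walked through above.
The input is parsed only; nothing in it is executed."""
import ast
from dataclasses import dataclass, field

ELF_MAGIC = b"\x7fELF"
# Strings that have no business in a build manifest.
PATH_MARKERS = ("authorized_keys", ".ssh", "netstat", ".pip")
EXEC_CALLS = {"os.system", "os.popen", "os.execv", "subprocess.run",
              "subprocess.call", "subprocess.Popen", "subprocess.check_output"}
FS_MUTATION_CALLS = {"os.remove", "os.unlink", "os.chmod", "shutil.rmtree"}


@dataclass
class Findings:
    elf_literals: int = 0          # bytes literals starting with \x7fELF
    path_refs: set = field(default_factory=set)
    exec_calls: list = field(default_factory=list)
    fs_mutations: list = field(default_factory=list)
    silenced_blocks: int = 0       # except handlers whose body is only `pass`

    def verdict(self) -> str:
        # Thresholds chosen for this example, not a vendor rule set.
        if self.elf_literals and (self.exec_calls or "authorized_keys" in self.path_refs):
            return "high"
        if self.exec_calls or self.fs_mutations or self.path_refs or self.silenced_blocks:
            return "medium"
        return "low"


def dotted_name(node: ast.AST):
    """Render a call target such as os.system or subprocess.Popen as a dotted string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_setup_py(source: str) -> Findings:
    """Walk the AST of a setup.py and collect the indicators; nothing is run."""
    found = Findings()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant):
            if isinstance(node.value, bytes) and node.value.startswith(ELF_MAGIC):
                found.elf_literals += 1
            elif isinstance(node.value, str):
                found.path_refs.update(m for m in PATH_MARKERS if m in node.value)
        elif isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in EXEC_CALLS:
                found.exec_calls.append(name)
            elif name in FS_MUTATION_CALLS:
                found.fs_mutations.append(name)
        elif isinstance(node, ast.ExceptHandler):
            if all(isinstance(stmt, ast.Pass) for stmt in node.body):
                found.silenced_blocks += 1
    return found


# --- Constructed fixtures (not the real packages' code) ----------------------
# Only the ELF magic plus zero padding stands in for the embedded binary.
FAKE_ELF = b"\x7fELF\x02\x01\x01" + bytes(300)

MALICIOUS_SETUP_PY = f'''
from setuptools import setup
import os

PAYLOAD = {FAKE_ELF!r}

try:
    os.makedirs(os.path.expanduser("~/.pip"), exist_ok=True)
    with open(os.path.expanduser("~/.pip/pip-config"), "wb") as fh:
        fh.write(PAYLOAD)
except:
    pass
try:
    os.remove("/usr/bin/netstat")
except:
    pass
try:
    with open(os.path.expanduser("~/.ssh/authorized_keys"), "a") as fh:
        fh.write("ssh-ed25519 AAAA-CONSTRUCTED-KEY attacker@example")
    os.chmod(os.path.expanduser("~/.ssh/authorized_keys"), 0o600)
    os.system(os.path.expanduser("~/.pip/pip-config"))
except:
    pass

setup(name="aptx", version="0.0.1", author="John Doe")
'''

BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="example", version="1.0.0", packages=["example"])
'''
```

Running `scan_setup_py(MALICIOUS_SETUP_PY).verdict()` yields "high" (one ELF literal, an os.system call, all four path markers, two file mutations and three silenced blocks), while the benign manifest scores "low" with no findings. The AST approach deliberately ignores comments and variable names, so renaming PAYLOAD or splitting the hex across several literals does not hide the ELF magic, though an attacker who assembles the bytes at runtime (base64, XOR) would need a second rule such as flagging any bytes literal above a size threshold.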
This is a compact but real-world example of damaging malware that made its way into the open source ecosystem, one of the countless others [1, 2] that we have reported on time and again.
These packages were removed shortly after our report to PyPI, prior to publishing.
Users of Nexus Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.