These packages were spread by ‘ os.system(“pip install package”)’ calls planted in forks of popular GitHub repos, such as ‘chatgpt-api’. May 2023: As originally reported by Phylum, several malicious packages were uploaded to PyPI containing early parts of the current payload. Here is a brief history of this malicious campaign: Kind of ironic to see it spreading by humans after such heavy reliance on automation. For example, here you can see thousands of forks appear in the summary but none in the details.īecause of the operation’s large scope, this campaign has a sort of 2nd-order social engineering network effect when, every now and then, naive users fork the malicious repos without realizing they are spreading malware. We know the removal is automated because many of the original ones still exist, and it mainly targets the fork bombs. Usually the removal happens a few hours after the upload, so it’s challenging to document them. You can check out a small portion of the current wave yourself by simply searching the following in GitHub: □ 2024 language:python.Ĭounting the removed ones, the number of repos reaches millions. Because the whole attack chain seems to be mostly automated on a large scale, the 1% that survive still amount to thousands of malicious repos. However, the automation detection seems to miss many repos, and the ones that were uploaded manually survive. Most of the forked repos are quickly removed by GitHub, which identifies the automation. It then sends it back to the malicious actors’ C&C (command-and-control) server and performs a long series of additional malicious activities.Ĭode analysis The automation effects on GitHub The malicious code (largely a modified version of BlackCap-Grabber) would then collect login credentials from different apps, browser passwords and cookies, and other confidential data. Once unsuspecting developers use any of the malicious repos, the hidden payload unpacks seven layers of obfuscation, which also involves pulling malicious Python code and later a binary executable. What happens when the malicious repos are in use? Covertly promoting them across the web via forums, discord, etc.Automatically forking each thousands of times.Uploading them back to GitHub with identical names.Cloning existing repos (for example: TwitterFollowBot, WhatsappBOT, discord-boost-tool, Twitch-Follow-Bot, and hundreds more).In this case, in order to maximize the chances of infection, the malicious actor is flooding GitHub with malicious repos, following these steps: But dependency confusion attacks take advantage of how package managers work, while repo confusion attacks simply rely on humans to mistakenly pick the malicious version over the real one, sometimes employing social engineering techniques as well. Similar to dependency confusion attacks, malicious actors get their target to download their malicious version instead of the real one. The attack impacts more than 100,000 GitHub repositories (and presumably millions) when unsuspecting developers use repositories that resemble known and trusted ones but are, in fact, infected with malicious code. Our security research and data science teams detected a resurgence of a malicious repo confusion campaign that began mid-last year, this time on a much larger scale.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |