Python Package Index (PyPI) targeted in supply chain attack
ReversingLabs has uncovered a novel attack targeting the Python Package Index (PyPI). This attack method involves integrating malware with compiled code, exploiting the direct execution capabilities of Python byte code (PYC) files. By leveraging PYC files, the attackers are able to evade detection by security systems that primarily focus on examining source code files.
Karlo Zanki, a reverse engineer at ReversingLabs, highlighted the significance of this supply chain assault, as it marks the first known exploitation of PYC file execution. This poses a serious threat to the overall security of the software supply chain. The attack on PyPI is part of a broader trend, with various open-source code repositories like GitHub, NPM, and RubyGems also being targeted. The attackers aim to inject harmful code into packages, hoping that developers unknowingly include it in their software products.
ReversingLabs named this new attack method “fshec2.” Its discovery has shed light on the possibility of other unreported assaults on PyPI. The PyPI security team acted promptly to remove the fshec2 attack from the platform. However, PyPI researchers have acknowledged the attack’s unusual characteristics and cautioned that similar methods may be employed by other attackers in the future.
During their investigation, ReversingLabs identified distinctive features and behaviors in fshec2 through standard repository searches. While the first two files within the package held no significance, the researchers became intrigued by the third file, named full.pyc. Unlike previous PyPI attacks that rely on obfuscation techniques to hide malware, fshec2 encapsulated all dangerous code and functions into a single file containing generated Python bytecode. This departure from conventional attack methods presents a greater challenge for detection.
Upon closer examination of the full.pyc file, the researchers discovered a method called “get_path” that performed malicious actions, including the extraction of sensitive information such as usernames, hostnames, and directory listings. However, the bytecode format of the file made it unreadable to traditional inspection tools like PyPI’s Inspector. To assess its contents and uncover the suspicious and harmful behavior, it was necessary to decompile the compiled code from the .pyc file.
This newly exposed exploit underscores the importance of identifying malicious functions like “get_path” for both security teams and DevSecOps. Many security solutions currently lack the capability to evaluate source code during package inspections, leaving malware embedded within Python-generated bytecode undetected.
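The following added example, which is not code from ReversingLabs or PyPI, flags .pyc files that ship without matching source in an unpacked package and lists the function and attribute names in their bytecode without executing them. The sample module is a constructed, benign stand-in for a bytecode-only file, and the helper names (sourceless_pycs, summarize_pyc, demo) are hypothetical.

```python
import importlib.util
import marshal
import py_compile
import tempfile
import types
from pathlib import Path

# Constructed, benign stand-in for a bytecode-only module; it is compiled but never run.
SAMPLE = ("import os, socket, getpass\n"
          "def get_path():\n"
          "    return getpass.getuser(), socket.gethostname(), os.listdir('.')\n")

def sourceless_pycs(root):
    """Return .pyc files under root that have no matching .py source."""
    hits = []
    for pyc in sorted(Path(root).rglob("*.pyc")):
        if pyc.parent.name == "__pycache__":  # mod.<tag>.pyc, source one level up
            src = pyc.parent.parent / (pyc.name.split(".")[0] + ".py")
        else:
            src = pyc.with_suffix(".py")
        if not src.exists():
            hits.append(pyc)
    return hits

def summarize_pyc(path):
    """List function names and referenced names in a .pyc without executing it."""
    data = Path(path).read_bytes()
    if data[:4] != importlib.util.MAGIC_NUMBER:
        return None  # built by another Python version; inspect with that version
    # 16-byte header on Python 3.7+. marshal is not hardened against malformed
    # input, so run this in a disposable environment.
    code = marshal.loads(data[16:])
    funcs, names, stack = set(), set(), [code]
    while stack:
        co = stack.pop()
        names.update(co.co_names)  # imports, globals and attributes referenced
        for const in co.co_consts:
            if isinstance(const, types.CodeType):  # nested function or class body
                funcs.add(const.co_name)
                stack.append(const)
    return {"functions": sorted(funcs), "names": sorted(names)}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "full.py"
        src.write_text(SAMPLE)
        py_compile.compile(str(src), cfile=str(Path(tmp) / "full.pyc"), doraise=True)
        src.unlink()  # leave only the compiled file, as in a bytecode-only package
        return [(p.name, summarize_pyc(p)) for p in sourceless_pycs(tmp)]

if __name__ == "__main__":
    print(demo())
```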
In response, PyPI implemented several initiatives aimed at bolstering its defenses. These measures include the removal of default PGP signature support, a security partnership with Amazon Web Services, and the introduction of mandatory two-factor authentication for all accounts.
The sources for this piece include an article in The Register.