Malicious PyPI package

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak.

The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days.

It claims to offer an easier method to access the company's APIs, but harbors a malicious backdoor that's engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data.

What's more, the threat actor has also been observed releasing two more packages with similar naming variations – SentinelOne-sdk and SentinelOneSDK – underscoring the continued threats lurking in open source repositories.

Cybersecurity

"The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like 'typosquatting' to exploit developer confusion and push malicious code into development pipelines and legitimate applications," ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.

What's notable about the fraudulent package is it mimics a legitimate SDK that's offered by SentinelOne to its customers, potentially tricking developers into downloading the module from PyPI.

Malicious PyPI package

The software supply chain security company noted that the SDK client code may have been "likely obtained from the company by way of a legitimate customer account."

Some of the data exfiltrated by the malware to a remote server include shell command execution history, SSH keys, and other files of interest, indicating an attempt on the part of the threat actor to siphon sensitive information from development environments.

It's not immediately clear if the package was weaponized as part of an active supply chain attack, although it has been downloaded more than 1,000 times prior to its removal.

Cybersecurity

When reached for comment, SentinelOne told The Hacker News that it's "not involved with the recent malicious Python package leveraging our name," and that the threat actors were not successful in their attempts.

"Attackers will put any name on their campaigns that they think may help them deceive their intended targets, however this package is not affiliated with SentinelOne in any way," the company said. "Our customers are secure, we have not seen any evidence of compromise due to this campaign, and PyPI has removed the package."

The findings come as ReversingLabs' State of Software Supply Chain Security report found that the PyPI repository has witnessed a nearly 60% decrease in malicious package uploads in 2022, dropping to 1,493 packages from 3,685 in 2021.

On the contrary, the npm JavaScript repository saw a 40% increase to nearly 7,000, making it the "biggest playground for malicious actors." In all, rogue package trends since 2020 have exhibited a 100 times rise in npm and more than 18,000% in PyPI.

"Though small in scope and of little impact, this campaign is a reminder to development organizations of the persistence of software supply chain threats," Zanki said. "As with previous malicious campaigns, this one plays on tried and true social engineering tactics to confuse and mislead developers into downloading a malicious module."


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.