Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data
Dec 19, 2022
Software Security / Supply Chain
Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak . The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days. It claims to offer an easier method to access the company's APIs , but harbors a malicious backdoor that's engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data. What's more, the threat actor has also been observed releasing two more packages with similar naming variations – SentinelOne-sdk and SentinelOneSDK – underscoring the continued threats lurking in open source repositories. "The SentinelOne ...
