Research reveals that up to 22,000 PyPI packages could be at risk of being hijacked in a newly developed supply chain attack technique.
Security researchers at DevOps specialist JFrog have published a blog post warning developers about a new attack technique that leverages the ability to re-register popular packages once the original owner removes them from the PyPI index.
Dubbed 'Revival Hijack', the technique is based on a popular attack vector used to target open source software repositories, “typosquatting,” whereby hackers register package names that are nearly identical to popular ones used in thousands of applications.
Often only a single letter differs, so developers who don't pay close attention to the name can accidentally install the malicious package.
Relying on human error, the effectiveness of this type of attack has diminished somewhat as developers have become more aware of the technique and modern development environments have begun to introduce mitigations to neutralize the threat.
However, Revival Hijack takes advantage of the fact that when developers remove their projects from the PyPI repository, their names become immediately available.
This presents an opportunity where threat actors can quickly upload their own malicious package under the same name and wait for unsuspecting developers or CI/CD systems to download it.
JFrog noted that the only safeguard against developers inadvertently downloading malicious packages is a dialog box warning the original developer about the potential consequences of removing the package.
One of the blog's authors, Brian Moussalli, malware research lead at JFrog, warned that this technique is already being exploited on the web, providing an example of the 'pingdomv3' package being hijacked by threat actors.
He added that this is simply the latest technique in an increasingly complex PyPI package attack surface.
“The attack surface of the PyPI package is continually growing. Despite proactive intervention in this case, users should always remain vigilant and take the necessary precautions to protect themselves and the PyPI community from this hijacking technique.”
“Extremely powerful” PyPI attack does not depend on human error
Moussalli and his co-author, Andrey Polkovnichenko, a security researcher at JFrog, called the attack “extremely powerful” and offered three justifications for this description.
First, unlike previous techniques such as typosquatting, the attack does not depend on the victim making a mistake when installing the package.
Moreover, most developers consider upgrading a “previously safe” package to its latest version as a risk-free operation, not understanding that this latest version could be from a different developer and potentially malicious.
Finally, Moussalli and Polkovnichenko noted that many CI/CD machines are configured to install these packages automatically, meaning they could be loading malware onto your system without any human intervention.
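As an added example (not taken from JFrog's blog post or from this article), a CI job could run a check like the following before it upgrades or reinstalls dependencies. It is a heuristic only: the package names, dates, verdict labels and the shape of the lock and index data are constructed assumptions, and a real job would fill `INDEX` from its package index's metadata.

```python
from datetime import date

# Constructed lock data: the version each build pinned and the day it was pinned.
LOCKED = {
    "example-stable":  ("2.1.0", date(2023, 3, 1)),
    "example-removed": ("0.9.4", date(2022, 11, 15)),
    "example-revived": ("1.4.2", date(2023, 1, 10)),
    "example-yanked":  ("3.0.1", date(2023, 6, 5)),
}

# Constructed index snapshot: name -> {version: first upload date}.
# A missing name means the project is currently not registered.
INDEX = {
    "example-stable":  {"2.0.0": date(2022, 8, 2), "2.1.0": date(2023, 2, 20)},
    "example-revived": {"1.4.3": date(2024, 4, 2)},
    "example-yanked":  {"2.9.0": date(2023, 1, 4), "3.0.2": date(2023, 7, 1)},
}


def classify(name, pinned_version, pinned_on, index):
    """Return a verdict for one locked dependency (heuristic, not proof)."""
    releases = index.get(name)
    if not releases:
        # The name is free: anyone can register it and serve the next install.
        return "REMOVED"
    if pinned_version in releases:
        return "OK"
    if all(uploaded > pinned_on for uploaded in releases.values()):
        # The release we trusted is gone and every file is newer than our
        # pin: consistent with delete-then-re-register under the same name.
        return "POSSIBLE_REVIVAL"
    # Older history survives, so only the pinned release disappeared.
    return "PINNED_RELEASE_MISSING"


def audit(locked=LOCKED, index=INDEX):
    """Classify every locked dependency against the index snapshot."""
    return {n: classify(n, v, d, index) for n, (v, d) in locked.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:16} {verdict}")
```

Any verdict other than `OK` is a reason to stop the automated upgrade and have a person review the dependency.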
Henrik Plate, a security researcher at Endor Labs, stressed that the risk this attack vector poses to end users is very real, but depends on the popularity of the package and the interval between the removal of the original and the upload of the malicious package.
“This risk is real and depends on the popularity of the package. The risk is likely lowered if the packages have been removed for a long time, because the longer a package has been out of service, the more developers and channels have noticed its lack of availability and adapted their dependency declarations.”
Plate referred to the 'pingdomv3' example provided by Moussalli and Polkovnichenko, highlighting the speed with which the attacker was able to upload a decoy package with the same name.
“In this context, it is worth noting that the provided example was restored shortly after the removal, which could indicate that the attacker monitored package removals on PyPI.”