A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on Github.
The discovery has been made by Check Point Research (CPR), who shared it with Infosecurity earlier today.
“The malicious package we detected is named ‘apicolor.’ At first glance, it seemed like one of the many in-development packages on PyPI,” reads the advisory. “After taking a deeper look into the package installation script, researchers noticed a strange, non-trivial code section at the beginning.”
The code in question was responsible for manually installing additional requirements, then downloading a picture from the web and using the newly installed package to process the image and trigger the processing generated output using the exec command.
“While searching the web for legit projects, a user will come across these GitHub open-sourced projects and install them locally, not knowing it brings in a malicious package import,” CPR wrote. “It’s important to note that the code seems to work. In some cases, there are empty malicious packages.”
According to Ori Abramovsky, head of data science at SpectralOps (a Check Point company), the company constantly scans PyPI for malicious packages and responsibly reports them to PyPI.
“This one is unique and distinct from almost all the malicious packages we have encountered before. This package differs in the way it camouflages its intent and the way in which it targets PyPI users to infect them with malicious imports on GitHub,” the data experts told Infosecurity.
Abramovsky added that the new findings indicate that PyPI malicious packages and related obfuscation techniques are evolving rapidly.
“The package we have shared here reflects careful and meticulous work. It is not the regular copy and paste that we commonly see, but what seems like a real campaign. The creation of the GitHub projects, then smartly hiding the code and downplaying the packages on PyPI, are all sophisticated work.”
To protect against attacks like this, CPR recommends companies use threat code scanners to double-check third-party packages and ensure that ratings on projects on GitHub are not synthetically generated.
The technical write-up comes roughly two months after an advisory by SentinelLabs and Checkmarx linked a threat actor called ‘JuiceLedger’ to the first known phishing campaign targeting PyPI users.