{"id":127,"date":"2024-09-04T13:05:00","date_gmt":"2024-09-04T13:05:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=127"},"modified":"2024-09-04T13:05:00","modified_gmt":"2024-09-04T13:05:00","slug":"thousands-of-abandoned-pypi-projects-could-be-hijacked-report","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=127","title":{"rendered":"Thousands of abandoned PyPI projects could be hijacked: Report"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A vulnerability in abandoned Python open source repository projects could allow over 20,000 packages of code to be hijacked to spread malware in supply chain attacks.<\/p>\n<p>The warning for developers to be careful using the Python Package Index comes from researchers at JFrog, who found that PyPI lets a maintainer delete a package and then lets anyone, from any account, re-register the same package name.<\/p>\n<p>\u201cUnfortunately,\u201d JFrog said <a href=\"https:\/\/jfrog.com\/blog\/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk\/\">in a report<\/a> released Wednesday, \u201conce a popular project is deleted, attackers can easily hijack the same package name and subsequently infect any user that tries to update that package to the latest version or re-installs it from scratch, which is popular in CI\/CD [continuous integration\/continuous deployment] machines that run a static pipeline.\u201d<\/p>\n<p>Threat actors have already discovered and are exploiting the hole, said report authors Andrey Polkovnychenko and Brian Moussalli.<\/p>\n<p>On March 30, the new owner of the abandoned \u2018pingdomv3\u2019 package released a seemingly benign update, followed on April 12 by another update that included malware. 
PyPI was notified and the package deleted.<\/p>\n<p>\u201cThis attack can be used to hijack 22K existing [abandoned] packages and subsequently lead to tens of thousands of malicious package downloads,\u201d they added in the report.<\/p>\n<p>To blunt that possibility, JFrog created a PyPI account called \u2018security holding,\u2019 to which it transferred the most downloaded abandoned package names. Their contents were replaced with empty placeholder packages so that no one else could claim the names.<\/p>\n<h2 class=\"wp-block-heading\">What\u2019s the risk<\/h2>\n<p>What\u2019s the risk? On average, 309 packages are removed from PyPI each month, says the report.<\/p>\n<p>There are lots of reasons a developer may want to delete a project \u2013 they\u2019re tired of maintaining it, the package has been re-written by the same developer, or the same functionality has been added to an application\u2019s official libraries or built-in APIs.<\/p>\n<p>Regardless, deleting the package doesn\u2019t retire its name on PyPI. Instead, the name immediately becomes available for anyone else to register. That person can then publish a new release under the old name that includes malware, hoping that developers who still depend on it will pull it in and ship it inside a legitimate application distributed to unwitting organizations. If so, the threat actor would have a backdoor into those organizations.<\/p>\n<p>Because the tactic revives a project its developer thought was dead, JFrog\u2019s researchers call it a Revival Hijack.<\/p>\n<h2 class=\"wp-block-heading\">Powerful weapon<\/h2>\n<p>It\u2019s an \u201cextremely powerful\u201d weapon for attackers, the report said, because, unlike typosquatting, it doesn\u2019t require the threat actor to register a look-alike name and wait for a developer to mistype it: a revived package carries the exact name that existing requirements files and pipelines already reference.<\/p>\n<p>PyPI does have a safeguard, the report noted: a dialog box that warns the original developers about the potential consequences of deleting a project, including making the project name openly available. 
The developer then has to check off seven boxes showing they understand all the consequences before the project can be deleted.<\/p>\n<p>Another protection is PyPI\u2019s ability to distinguish between the author\u2019s name in the package metadata and the actual user who published the package. This measure helps prevent unauthorized users from falsely assuming the identity of legitimate authors, said the report.<\/p>\n<p>However, when JFrog researchers tested this by creating a package, deleting it, and then re-registering the same name from a different account, PyPI presented the substitute simply as a new version of the old package, even though it contained different code.<\/p>\n<p>Researchers from a number of cybersecurity companies have also discovered vulnerabilities in open source code repositories like PyPI, NPM, NuGet and GitHub. Typosquatting public and private packages is one of the major problems. For example, in 2022 Aqua Security <a href=\"https:\/\/www.aquasec.com\/blog\/private-packages-disclosed-via-timing-attack-on-npm\/\">described a timing attack<\/a> that could reveal the names of private packages in NPM, allowing a threat actor to register those names on the public registry in a dependency confusion attack.<\/p>\n<p>Last year, Sonatype said the number of malicious packages it detected in open source platforms <a href=\"https:\/\/www.csoonline.com\/article\/654560\/why-open-source-software-supply-chain-attacks-have-tripled-in-a-year.html\">tripled compared to 2022<\/a>.<\/p>\n<p>In a <a href=\"https:\/\/www.reversinglabs.com\/blog\/the-state-of-software-supply-chain-security-2024-key-takeaways\">report released at the beginning of the year<\/a>, ReversingLabs said that there had been a more than 1,300% increase in threats circulating via open-source package repositories between 2020 and 2023. That included a 400% increase in threats found on the PyPI platform in 2023 alone, the report said. 
ReversingLabs discovered more than 7,000 instances of malicious PyPI packages in the first nine months of 2023, the vast majority of which were classified as \u2018infostealers\u2019.<\/p>\n<p>The worry for CISOs is that their applications can become unwitting carriers of infection. A <a href=\"https:\/\/info.checkmarx.com\/supply-chain-survey\">survey by Checkmarx<\/a> released in June found that 56% of respondents said their applications contain open source software.<\/p>\n<p>In response to emailed questions, Shachar Menashe, JFrog\u2019s senior director of security research, said the company isn\u2019t sure Revival Hijack is a problem in other open source package repositories. But, he added, JFrog knows for certain it isn\u2019t in NPM because that platform doesn\u2019t allow re-registering abandoned packages due to this exact security risk.<\/p>\n<p>\u201cPyPI can follow in NPM\u2019s steps,\u201d he wrote, \u201cand disallow re-registering an abandoned package (or only allow the original maintainer to re-register after deletion). This is an <a href=\"https:\/\/discuss.python.org\/t\/stop-allowing-deleting-things-from-pypi\/17227\">active point of discussion<\/a> in the Python community on whether this should be implemented.<\/p>\n<p>\u201cThe problem is that while this is being discussed, attackers can already use this method to gain code execution on many PyPI users as we\u2019ve demonstrated.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Advice for CISOs, app leaders<\/h2>\n<p>Infosec leaders should warn their staff that a new version of a package can potentially include malicious code, he said, even if the last version of the package was completely fine. Upgrading is dangerous, even on a previously trusted package, he added.<\/p>\n<p>Before deciding to upgrade a package, scan or inspect the latest version of that package to make sure it is safe, he urged. 
In addition, JFrog recommends upgrading to a new package version only after that version has existed publicly for at least 14 days, since by then package hijack attempts have usually been discovered.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A vulnerability in abandoned Python open source repository projects could allow over 20,000 packages of code to be hijacked to spread malware in supply chain attacks. The warning for developers to be careful using the Python Package Index comes from researchers at JFrog, who found that PyPI lets a maintainer delete a package and then lets anyone [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":128,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-127","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/127"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=127"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/127\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/128"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=127"},{"taxonomy":"post_tag","embedd
able":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
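The article's closing advice (scan or inspect a new version before upgrading, and adopt it only after it has been public for at least 14 days) and its opening description of the attack (a dormant name is re-registered and CI pipelines that reinstall from scratch pull the attacker's release) can both be turned into a pre-install gate. The following is an added example, not code from the article or from JFrog: it reads release metadata in the layout of PyPI's JSON API (the `releases` map of version to uploaded files with `upload_time_iso_8601` and `yanked`), applies the 14-day cool-down, and additionally flags releases that appear after a long silence as Revival Hijack candidates for manual review. The dormancy heuristic and the `reviewed` allow-list are this example's own assumptions, not a PyPI feature; the sample metadata is constructed, with a hypothetical package name and dates that echo the article's pingdomv3 timeline.

```python
"""Release-age gate for pip dependencies (added example; not from the article or JFrog).

Two of the mitigations the article describes, as code:
  1. adopt a new version only after it has been public for a cool-down period
     (JFrog's suggested interval is 14 days);
  2. treat a release that appears after a long silence on a dormant project as a
     Revival Hijack candidate that a human must review before it is pinned.

The input layout (``releases`` -> version -> list of files with
``upload_time_iso_8601`` and ``yanked``) follows PyPI's JSON API
(https://pypi.org/pypi/<name>/json). The metadata below is constructed for the
example: the package name is hypothetical, and the dates echo the article's
pingdomv3 timeline rather than any real package.
"""
from __future__ import annotations

from datetime import datetime, timedelta, timezone
from typing import Any


def _parse_ts(value: str) -> datetime:
    # PyPI emits e.g. "2024-04-12T16:45:00.000000Z"; fromisoformat() on Python < 3.11
    # rejects a trailing "Z", so normalise it to an explicit UTC offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def release_timeline(metadata: dict[str, Any]) -> list[tuple[str, datetime]]:
    """(version, first_upload) pairs ordered by upload time.

    Releases with no files, or whose files are all yanked, are skipped: pip does
    not select them by default, so they should neither gate nor taint anything.
    """
    timeline: list[tuple[str, datetime]] = []
    for version, files in metadata["releases"].items():
        times = [_parse_ts(f["upload_time_iso_8601"]) for f in files if not f.get("yanked", False)]
        if times:
            timeline.append((version, min(times)))
    timeline.sort(key=lambda item: item[1])
    return timeline


def choose_version(
    metadata: dict[str, Any],
    now: datetime,
    *,
    min_age_days: int = 14,
    dormancy_days: int = 365,
    reviewed: frozenset[str] = frozenset(),
) -> dict[str, Any]:
    """Pick the newest release that is both old enough and not under suspicion.

    Returns a dict with:
      pin        -> version to write into requirements.txt, or None
      held_back  -> versions still inside the cool-down window
      suspicious -> versions published after ``dormancy_days`` of silence (and
                    everything after them) that nobody has marked as reviewed

    The dormancy heuristic is this example's own assumption, not a PyPI signal:
    a long gap followed by new uploads is what a revived, re-registered name looks
    like from the outside, but also what a maintainer returning from a break looks
    like, hence "review", not "block".
    """
    timeline = release_timeline(metadata)
    cutoff = now - timedelta(days=min_age_days)

    suspicious: list[str] = []
    tainted = False
    prev_upload: datetime | None = None
    for version, first_upload in timeline:
        if prev_upload is not None and first_upload - prev_upload > timedelta(days=dormancy_days):
            tainted = True  # the project was silent too long before this release
        if tainted and version not in reviewed:
            suspicious.append(version)
        prev_upload = first_upload

    held_back = [v for v, t in timeline if t > cutoff]
    eligible = [v for v, t in timeline if t <= cutoff and v not in suspicious]
    return {"pin": eligible[-1] if eligible else None, "held_back": held_back, "suspicious": suspicious}


def _file(name: str, uploaded: str) -> dict[str, Any]:
    return {"filename": name, "upload_time_iso_8601": uploaded, "yanked": False}


# Constructed sample: a package that went quiet in 2021, then got two uploads in 2024.
SAMPLE_METADATA: dict[str, Any] = {
    "info": {"name": "example-pkg"},  # hypothetical name
    "releases": {
        "1.0.0": [_file("example_pkg-1.0.0-py3-none-any.whl", "2021-03-01T10:00:00.000000Z")],
        "1.1.0": [_file("example_pkg-1.1.0-py3-none-any.whl", "2021-09-15T08:20:00.000000Z")],
        "1.1.1": [_file("example_pkg-1.1.1-py3-none-any.whl", "2024-03-30T12:00:00.000000Z")],
        "1.2.0": [_file("example_pkg-1.2.0-py3-none-any.whl", "2024-04-12T16:45:00.000000Z")],
    },
}
NOW = datetime(2024, 4, 15, tzinfo=timezone.utc)


def demo() -> dict[str, Any]:
    """Run the gate over the constructed sample as a CI job would on 2024-04-15."""
    return choose_version(SAMPLE_METADATA, NOW)


if __name__ == "__main__":
    result = demo()
    name = SAMPLE_METADATA["info"]["name"]
    print(f"{name}=={result['pin']}  held_back={result['held_back']}  suspicious={result['suspicious']}")
```

Run on 2024-04-15, the gate pins `1.1.0`: `1.2.0` is still inside the 14-day window, and both 2024 releases follow a two-and-a-half-year gap, so they stay on the review list until someone inspects them and adds them to `reviewed`. The point of writing the output as an exact `==` pin is that a pipeline which reinstalls from scratch then keeps resolving to the vetted version instead of whatever the name's current owner uploaded last; pairing the pin with pip's `--require-hashes` mode would additionally fail the install if the file behind that version ever changed.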