- ReversingLabs discovered a malicious PyPI package named VMConnect.
- The package imitated common Python tools & showed suspicious behavior.
- The attack started on 28th July with daily appearances of notorious packages.
- PyPI team swiftly removed the packages, but attackers kept replacing them.
- Objectives of the attack remain unclear to researchers.
Threat researchers at ReversingLabs, a software supply chain security and malware analysis platform, have discovered a malicious new PyPI package dubbed VMConnect on the Python Package Index (PyPI) repository.
ReversingLabs’ reverse engineer, Karlo Zanki, wrote in a technical blog post that around 24 malicious Python packages were identified on the PyPI open-source repository. These packages imitated three very common, open-source Python tools, including pyVmomi VMware vSphere bindings’ wrapper module vConnector, databases that allow asyncio support for different databases, and a set of tools used to test Ethereum-based applications called eth-tester.
According to the company, its static analysis engine Titanium Platform identified the suspicious PyPI packages while performing routine scanning. Further probing revealed suspicious behaviour, such as the packages established communication with a C2 server for downloading additional malicious software. However, researchers didn’t observe any commands when this C2 server was live.
Per their analysis, this campaign went active on 28 July 2023 as that is when the first malicious package was published, and packages kept appearing on a daily basis, each being more notorious than the previous ones.
“Additionally, these malicious packages were promptly removed from PyPI, likely due to internal system detections or external reports. However, the attackers quickly replaced the packages, indicating a well-organized and ongoing campaign.”Karlo Zanki
Researchers have observed that campaign operators go to great lengths to make their malicious activities appear genuine. They achieve this by creating GitHub repositories with authentic-looking descriptions and even using legitimate source code. However, they deliberately remove any traces of their malicious behaviour from these repositories to build trust with potential victims.
Interestingly, this campaign managed to evade detection in the source code. Its presence was only discovered when researchers scanned the build process artefact. This sets it apart from other recently discovered supply chain campaigns like “Brainleeches.”
Suspicious PyPI packages have been found to exhibit deceptive behaviour by fully emulating the functionalities of the modules they imitate. To add to the deceit, these packages link to GitHub projects where their malicious behaviour has been cleverly removed, creating a false sense of trust in the PyPI release package.
The swift action taken by PyPI administrators is commendable, as all the malicious packages, including VMConnect, were swiftly removed from the platform within just three days of their appearance. However, this incident raises serious concerns, as researchers are noticing a growing trend of exploiting open-source modules to distribute malicious code and carry out various types of supply chain attacks.
In the past, the majority of supply chain attacks were targeted at the NPM open-source repository. Surprisingly, the PyPI repository has now become the prime target for such malicious activities. For instance, in January 2023, researchers detected 41 suspicious PyPI packages posing as popular HTTP libraries, and in March, a PyPI package named “termcolour” (after a now-defunct package) with multiple versions of a three-stage downloader was discovered by ReversingLabs.
Despite intensive investigation, researchers have been unable to determine the objectives of this campaign or what happens in its later stages. The purpose behind these attacks, whether it involves stealing sensitive data, conducting surveillance, launching ransomware, or a combination of these, remains unclear.