Snakes in the grass! Malicious code slithers into Python PyPI repository

Software developers downloading a seemingly innocent software library could find themselves hemorrhaging Bitcoin thanks to a wily attack.

A cybersecurity researcher calling himself ‘Bertus’ on Medium detailed an exploit that uses a common alternative spelling, remote code execution, and a rogue Bitcoin address to try and steal cryptocurrency from developers using the Python programming language.

The malicious code was uploaded to PyPI, an online repository of software packages developed for the Python programming language. Developers can create and upload their packages for others to use in their own programs. There are packages for everything from natural language processing through to screen-scraping libraries.

Developers that want to give something back to the community package their programs by including an installation script called Others can download and install it with a single command – pip install. Normally, just installs legitimate Python software. However, attackers can use it to run malicious code that infects a computer.

In this case, a malicious actor created a PyPI package called colourama. It exploits a common spelling difference between US and British English to impersonate a legitimate PyPI package called colorama, which enables developers to produce colored terminal text in Microsoft Windows.

The name change is subtle, and developers may be fooled into installing the wrong package. As it installs, it creates a malware dropper designed to exploit Windows PCs. The dropper downloads malware written in Microsoft’s VBScript language.

The VBScript executes upon installation, adding a Windows registry entry to run it whenever the user logs into the computer. The malicious code then runs in the background and scans the Windows clipboard every 500ms.

If the malware detects something on the clipboard that looks like a Bitcoin address, it replaces it with another one owned by the attacker. A fast-fingered user who doesn’t check what they pasted could find themselves sending cryptocurrency to the cybercriminal that developed the software.

Supply chain shenanigans

The story here isn’t this particular package. It’s the vulnerability of the supply chain mechanism used to support free and open-source software. Open-source projects and communities are built upon goodwill and sharing, and packages are shared freely. That all works fine until toxins get into the system.

Earlier in October, the same researcher found 11 other malicious packages in the PyPI collection, also using typo-squatting to snare users. His work was inspired by Slovakia’s national security authority SKCIRT in autumn 2017, which found 10 malicious Python packages of its own.

While some packages simply use to install malicious software, others include malicious code directly in the Python software itself. Earlier this year, a package called SSH-decorator reportedly included a backdoor to steal the developer user’s SSH credentials (SSH is a digital key used to access online services).

In 2017, cybersecurity researcher Max Justicz found a basic flaw in Packagist, the equivalent of PyPI for the PHP language. Packagist required developers registering software with the service to include a URL where it could find their code. Unfortunately, the service didn’t check the input, meaning that attackers could simply insert a system command instead, which Packagist would then run. Justicz has also found bugs that would let him compromise supply chains for the Ruby programming language and the NPM package manager for nodeJS.

Without proper input processing for these package managers, and without proper scanning, open-source development communities could find poison software leaking into their ecosystems and compromising software in commercial use. Developers in these communities tend to reuse each other’s software, meaning that a bug or a compromise in one package can trickle through to many other systems.

Luckily, ‘colourama’ doesn’t seem to have caught on. According to the site PyPI Stats, the legitimate colorama package was downloaded over five million times in the last week. There were fewer than 50 downloads for the malicious colourama package in the last month.

That should be seen for the lucky escape it was though. The open nature of open source supply chains is one of the things that drives its success, but it has the potential to cause major headaches unless communities get to grips with it now.