Malicious packages are actively infiltrating the Python Package Index (PyPI) and npm repositories, posing a significant threat to software supply chains. Security researchers have recently uncovered multiple campaigns where threat actors are exploiting the trust developers place in these popular open-source ecosystems. The attacks primarily leverage dependencies to compromise systems, often through a variety of sophisticated techniques.
The core of these attacks is the software supply chain, where malicious code is injected into a component that many other applications rely on. The PyPI and npm ecosystems are particularly vulnerable because modern software projects often use hundreds of open-source packages as dependencies. An attack on a single popular package can spread malicious code to countless downstream projects and users.
Attackers employ several methods to achieve this:
- Typosquatting: This technique involves creating packages with names that are very similar to popular, legitimate ones. Developers might accidentally type “coloramapkgsw” instead of “colorama” and unknowingly install a malicious package.
- Dependency Confusion: Attackers upload a malicious package to a public repository with the same name as a private, internal package used by a company. Due to the default behavior of some package managers, the public, higher-versioned malicious package is installed instead of the intended private one.
- Malicious Dependencies: A seemingly harmless package is created, but its true purpose is to pull in a second, hidden dependency that contains the actual malware. This multi-stage approach makes the initial package appear benign and harder to detect. For example, a package called
termncolorwas found to download a malicious payload via a dependency namedcolorinal.
Once installed, these malicious packages are designed to execute code during the installation process, before the developer even gets a chance to use them. The payloads are diverse and often aim for a significant impact:
- Credential Harvesting: Attackers steal sensitive data such as browser credentials, cryptocurrency wallet keys, and SSH keys. A recent npm package,
crypto-encrypt-ts, targeted cryptocurrency wallets specifically. - System Sabotage: Some packages have been found to contain “wiper” malware that deletes entire application directories. While not financially motivated, this type of attack can cause widespread damage and disruption.
- Remote Access: Malware can establish a persistent backdoor on the infected system, allowing attackers to run shell commands, take screenshots, and exfiltrate data remotely. One such campaign leveraged a compromised public access token to inject a remote access trojan into several packages.
Protecting against these attacks requires a multi-layered approach. Developers should be cautious when adding new dependencies and scrutinize package names for any suspicious typos. Using tools that automatically scan for known malicious packages and implementing stricter security policies for build pipelines are also essential steps. Companies should also consider auditing their dependencies and ensuring that private packages are given precedence over public ones to prevent dependency confusion attacks.
