Yesterday, ZDNet reported that the Python security team removed two fake Python libraries from PyPI (Python Package Index). These libraries were caught stealing SSH and GPG keys from the Python projects.
As per ZDNet, the two malicious clones were discovered by a German software developer Lukas Martini on 1st Dec. Both libraries were removed on the same day after Martini notified the developers and the PyPI security team.
The two libraries were created by the same developer and mimicked as other more popular libraries — using a technique called typosquatting, to register similar-looking names. The first is “python3-dateutil,” which imitated the popular “dateutil” library. The second is “jeIlyfish” (here the first L is an I), which mimicked the “jellyfish” library. One of them was uploaded on Pypi two days before while the other one was live for more than a year.
Purpose of stealing SSH and GPG keys
According to Martini, the malicious code was present only in the jeIlyfish library. The python3-dateutil package didn’t contain malicious code of its own, but it did import the jeIlyfish library, meaning it was malicious by association.
The malicious code read a list of hashes stored in a GitLab repository. The nature and purpose of these hashes is unknown, as neither Martini or the PyPI team detailed the behavior of stealing the keys before the library was removed.
ZDNet spoke to Paul Ganssle from the dateutil dev team, “The code directly in the `jeIlyfish` library downloads a file called ‘hashsum’ that looks like nonsense from a gitlab repo, then decodes that into a Python file and executes it,” Ganssle states.
“It looks like [this file] tries to exfiltrate SSH and GPG keys from a user’s computer and sends them to this IP address: http://220.127.116.11:32258. It also lists a bunch of directories, home directory, PyCharm Projects directory,” Ganssle added. “If I had to guess what the purpose of that is, I would say it’s to figure out what projects the credentials work for so that the attacker can compromise that person’s projects.”
Python developers advised to review projects
Excluding the malicious code, both typosquatted packages were identical copies of the original libraries, meaning they would have worked as the originals. Developers who didn’t pay attention to the libraries they downloaded or imported into their projects are advised to check if they’ve used the correct package names and did not accidentally use the typosquatted versions.
If they accidentally used any of the two, developers must change all SSH and GPG keys which they’ve used over the past year. This is the third time the PyPI team intervenes to remove typo-squatted malicious Python libraries from the official repository. Similar incidents took place recently in July 2019 and another in October 2018 and September 2017.
On this news, developers on Hacker News discuss about this as an OS issue. One of the user comments, “I don’t know what the solution is but it feels like this is a much bigger issue and we need some rethinking of how OSes work by default. Apple has taken some steps it seems the last 2 MacOS updates where they block access to certain folders for lots of executables until the user specifically gives that permission. Unfortunately for things like python the permission is granted to the Terminal app so once given, all programs running under the terminal inherit the permissions.
Microsoft has started adding short life VMs. No idea if that’s good. Both MS and Apple offer their App stores with more locked down experiences though I’m sad they conflate app security and app markets.
Basically anytime I run any software, everytime I run “make” or “npm install” or “pip install” or download a game on Steam etc I’m having to trust 1000s of strangers they aren’t downloading my keys, my photos, my docs, etc…I think you should be in control of your machine but IMO it’s time to default to locked down instead of defaulting to open.”