A fresh chain supply assault strategy focused on the Python Package Index (PyPI) registry has been utilized in the wild to penetrate downstream organizations.
Dubbed Revival Hijack by software supply chain security company JFrog, this attack method has the potential to take control of 22,000 current PyPI packages leading to “hundreds of thousands” of illegitimate package downloads. These susceptible packages have a track record of over 100,000 downloads or have been operational for more than six months.
“The offensive strategy involves commandeering PyPI software packages by altering the possibility of re-registering them once they are removed from PyPI’s index by the original proprietor,” mentioned JFrog security professionals Andrey Polkovnychenko and Brian Moussalli in a document made available to The Hacker News.
At its essence, the assault is based on the fact that various Python packages uploaded in the PyPI repository are withdrawn, making them accessible for registration by any other user.
According to data shared by JFrog, approximately 309 packages get eliminated every month on average. This could happen due to various reasons including lack of maintenance (e.g., abandonware), the package being re-published under a different name, or integration of the same features into official libraries or built-in APIs.
This scenario presents a lucrative target surface with greater effectiveness compared to typosquatting, which attackers could exploit by using their personal accounts to release malicious packages under the same name and with a higher version to contaminate developer setups.
“This tactic doesn’t hinge on the victim committing an error while installing the package,” noted the researchers, emphasizing how Revival Hijack can offer superior results from an adversary’s standpoint. “Upgrading a ‘previously secure’ package to its most recent version is seen as a secure operation by numerous users.”
Despite PyPI implementing safeguards against author impersonation and typosquatting attempts, JFrog’s investigation discovered that issuing the “pip list –outdated” command shows the fraudulent package as a new iteration of the original package, while in reality, the former represents a distinct package authored by a completely different person.
Moreover, running the “pip install –upgrade” command swaps the legitimate package with the fake one without any form of notification concerning the change in the package’s owner, potentially placing unaware developers at significant software supply chain risk.
JFrog mentioned that they created a new PyPI user account named “security_holding” to responsibly take over the vulnerable packages and replace them with hollow dummies to thwart malicious individuals from exploiting the withdrawn packages.
Additionally, each of these packages has been assigned version number 0.0.0.1 – the converse of a dependency confusion attack situation – to prevent developers from installing them inadvertently when executing a pip upgrade operation.
The disconcerting aspect is that Revival Hijack has been leveraged in real-world scenarios, with an unidentified threat actor named Jinnis launching a benign variant of a package dubbed “pingdomv3” on March 30, 2024, the same day the original owner (cheneyyan) removed the package from PyPI.
On April 12, 2024, this new developer purportedly released an update containing a Base64-encoded payload that scans for the existence of the “JENKINS_URL” environment variable, and if detected, executes an unfamiliar subsequent module fetched from a remote server.
“This indicates that the attackers either delayed executing the attack or tailored it to be more focused, possibly restricting it to a certain IP range,” reported JFrog.
This recent attack signals that malicious actors are setting their sights on supply chain attacks on a larger scale by targeting erased PyPI packages to extend the reach of their schemes. It is recommended for organizations and developers to scrutinize their DevOps pipelines to verify that they are not downloading packages that have already been removed from the repository.
“Exploiting a susceptible aspect in the management of removed packages enabled attackers to seize control of existing packages, facilitating installation on the target systems without any disruptions to the user’s workflow,” highlighted Moussalli, JFrog Security Research Team Lead.
“The PyPI package assault area is continuously expanding. Despite the preliminary measures taken here, users should perpetually remain cautious and adopt the necessary measures to safeguard themselves and the PyPI community from this seizure technique.”
About Author
