Open-source security: It’s too easy to upload ‘devastating’ malicious packages, warns Google
Google has detailed some of the work done to find malicious code packages that have been sneaked into bigger open-source software projects.
“Unlike mobile app stores that can scan for and reject malicious contributions, package repositories have limited resources to review the thousands of daily updates and must maintain an open model where anyone can freely contribute. As a result, malicious packages like ua-parser-js, and node-ipc are regularly uploaded to popular repositories despite their best efforts, with sometimes devastating consequences for users,” Caleb Brown of Google’s Open Source Security Team explains in a blogpost.
“Despite open-source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software.”
The Package Analysis project identified more than 200 malicious packages in one month, according to OpenSFF. For example, it found token theft attacks on Discord users that were distributed on PyPl and npm. The PyPl package “discordcmd”, for example, attacks the Discord Windows client via a backdoor downloaded from GitHub and installed on the Discord app to steal Discord tokens.
Attackers distribute malicious packages on npm and PyPl often enough that it’s something OpenSSF, which Google is a member of, decided it needed to be addressed.
In March, researchers found hundreds of malicious packages on npm that were used to target developers using Microsoft’s Azure cloud, most of which contained typosquatting and dependency confusion attacks. Both types are social-engineering attacks that exploit repetitive steps when developers frequently update a large number of dependencies. Dependency confusion attacks rely on unusually high version numbers for a package that in fact may have no previous version available.
OpenSSF says most of the malicious packages it detected were dependency-confusion and typo-squatting attacks. But the project believes most of these are likely the work of security researchers participating in bug bounties.
“The packages found usually contain a simple script that runs during install and calls home with a few details about the host. These packages are most likely the work of security researchers looking for bug bounties, since most are not exfiltrating meaningful data except the name of the machine or a username, and they make no attempt to disguise their behavior,” OpenSSF and Google note.
OpenSSF notes that any of these packages “could have done far more to hurt the unfortunate victims who installed them, so Package Analysis provides a countermeasure to these kinds of attacks.”
The recent Log4j flaw highlighted the general risks of software supply chain security in open source. The component was embedded in tens of thousands of enterprise applications and prompted a massive and urgent clean-up by the US government. Microsoft last week also highlighted the role of software supply chain attacks carried out by Russian state-backed hackers in connection with military attacks on Ukraine.
This February, Google and Microsoft pumped $5 million into OpenSSF’s Alpha-Omega Project to tackle supply chain security. The Alpha side works with maintainers of the most critical open-source projects, while the Omega side will select at least 10,000 widely deployed open-source programs for automated security analysis.