SSH keys stolen by stream of malicious PyPI and npm packages

A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software developers on the platforms.

The campaign started on September 12, 2023, and was first discovered by Sonatype, whose analysts unearthed 14 malicious packages on npm.

Phylum reports that after a brief operational hiatus on September 16 and 17, the attack has resumed and expanded to the PyPI ecosystem.

Since the start of the campaign, the attackers have uploaded 45 packages on npm (40) and PyPI (5), with variants in the code indicating a rapid evolution in the attack.

Malicious packages

The complete list of the malicious packages distributed in this campaign can be found in the bottom section of Phylum's report.

However, it is worth noting that the following packages utilized typosquatting to resemble legitimate popular packages, which can trick developers into installing them:

• shineouts and @dynamic-form-components/shineout – mimicking the popular React library "Shineout"
• apm-web-vitals – could pass as "APM" (application performance monitoring) for Google's "web-vitals" library that measures web performance
• eslint-plugin-shein-soc-raw and @spgy/eslint-plugin-spgy-fe - pretending to be ESLint plugins
• ssc-concurrent-log-handler & sc-concurrent-log-handler - pretending to be legitimate logging utilities

According to Phylum, at least seven distinct attack waves and several phases featured code modifications to enhance stealth and add more specific targeting.

The first attack waves occurred between September 12 and 15, with the threat actors uploading new package sets daily, reaching a total of 33 packages.

The later attack waves occurred on September 18 (three packages), September 20 (five packages), and September 24 (4 packages).

In the initial waves, the packages had hardcoded data collection and exfiltration routines, containing the data collection code in plain text form internally, which made them susceptible to detection.

The middle iterations introduced more complex mechanisms like retrieving and executing the data-collecting bash script from an external domain.

Also, the authors added a "preinstall" hook to run malicious JavaScript automatically upon installation.

The most recent packages utilized base64 encoding to evade analysis, which was later upgraded to double base64 encoding.

In general, the attackers engaged in a continuous code testing and refinement process and even delivered packages that specialized in some aspects of data collection more than others.

Info-stealing threat

The data stolen by the packages includes sensitive machine and user information.

Collected machine and user details include hostname, username, current path, OS version, external and internal IP addresses, and Python version for PyPI packages.

These details and the Kubernetes configurations stored on kubeconfig files and SSH private keys in ~/.ssh/id_rsa are written in a text file (ConceptualTest.txt) and sent to the attackers' servers.

The stolen information can be used to expose the real identities of developers and give the attackers unauthorized access to systems, servers, or infrastructure accessible through the stolen SSH private keys.

If stolen Kubernetes configurations contain credentials to access clusters, the attackers could modify deployments, add malicious containers, access sensitive data stored in the cluster, move laterally, or launch a ransomware attack.

Users of code distribution platforms such as PyPI and npm are advised to be cautious with what packages they download and launch on their systems, as there's a constant influx of malware in those ecosystems.