The popular NPM code registry continues to be a target of bad actors looking to sneak their malicious packages into open-source code used by software developers.
Researchers with Fortinet’s FortiGuard Labs this week said they found almost three dozen malicious packages in the registry that contain scripts that make them difficult to be detected and can collect and exfiltrate user and system data.
A day later, ReversingLabs analysts said another malicious NPM package that cropped up in August marked the first time they had found a such a package delivering rootkit functionality, with Lucija Valentić, a software threat researcher with the vendor, writing that the inclusion of the rootkit “suggests that open source projects may increasingly be seen as an avenue by which to distribute malware.”
The latest discoveries of malicious packages in the NPM Registry is part of a growing trend over the past couple of years of bad actors targeting NPM and other code repositories, such as GitHub and the Python Package Index (PyPI), to launch software supply-chain attacks. By luring developers into inadvertently using their malicious code, hackers hope to move their malware downstream to organizations that use the infected software in their IT environments.
In a report last month, and other repositories, Check Point Software outlined the advantages to developers of using the NPM Registry as well as the inherent risks. The company noted that sees billions of downloads a week, indicating that open source code in it could run in millions of applications, adding that “a single flaw within this package will impact all the applications relying on it.”
“Since the NPM registry is a collection of open-source packages, the responsibility of maintaining these packages falls into the hands of the contributors and owners of each package,” wrote Dotan Nahum, founder of Spectral, a cybersecurity company Check Point bought last year. “Although many open-source projects thrive with the community’s support, some packages fall through the cracks and end up with significant security issues and flaws.”
In their report, FortiGuard researchers Jin Lee and Jenna Wang wrote that a Fortinet system used to detect malicious open source package on NPM, PyPI, and other ecosystems turned up a number of malicious package hidden in NPM that they grouped into nine sets based on similar code or functions.
Most of the packages use install scripts that run before or after being installed, so whenever an NPM package is installed, the malicious scripts run as well.
“Every package we found aims to steal sensitive data, such as system or user information, via a webhook or file-sharing link,” Lee and Wang wrote.
One set of scripts exfiltrate such sensitive data as Kubernetes configurations and SSH keys, as well as basic system details, including usernames, IP addresses, and hostnames, all without prior warning. Another set sends an HTTP GET request to a specific URL, scans for particular files and directories containing sensitive information, and extracts such developer data as source code and configuration files.
Other sets use a Discord webhook to exfiltrate sensitive data, an index.js install script to steal host and username info and home users’ home directory contents through a webhook, or automatically downloads and executes a malicious executable file from a URL.
Lee and Wang warned that “end users should watch for packages that employ suspicious install scripts and exercise caution.”
In typosquatting campaigns like that discovered by ReversingLabs, threat actors create malicious packages with names that closely resemble legitimate open source modules, Valentić wrote.
In this case, the package is named “node-hide-console-windows,” adding one letter to the legitimate NPM package “node-hide-console-window,” which she wrote is used to toggle an application’s console window visibility.
Like previous campaigns, attackers with the newly discovered one “took other steps to make the packages indistinguishable to hurried developers looking to add the node-hide-console-window functionality to their application,” Valentić wrote. “For example, the npm page for the malicious package was set up to look very similar to the page for the legitimate package. Also, the malicious npm package had 10 versions published, the same as node-hide-console-window.”
What makes the deceptive package unusual is that it deploys an open source rootkit called “r77,” malware that can disguise files and processes and be bundled with other software. In this case, the malicious package downloaded the DiscordRAT 2.0 bot that enabled r77 to be planted.
Once the rootkit is launched, two registry subkeys are created to hide the presence of the bot. All 10 versions of the malicious package enabled DiscordRAT 2.0 to be downloaded, though the last two versions also had another payload disguised as a visual code update but actually was a PyInstaller-compiled executable that served up the Blank-Grabber info-stealer written in Python 3.
ReversingLabs has seen an open source package delivering PyInstaller before – though in that case the payload was LunaGrabber – but Valentić wrote that “the similarities suggest that malicious actors are turning to open source projects to plant malware while evading antivirus detection.”
It’s unclear how sophisticated the campaigns operators are, though there were about 700 downloads before the campaign was shut down, a small number compared with other attacks. In addition, the campaign was built using components that are freely available online from platforms like GitHub, which takes little effort for attackers to build and run.
The use of such well-known open source malware also increased the chances of being detected.
That said, there was an effort to make the deceptive packages seem trustworthy, typosquatting a legitimate package and creating 10 versions of the malicious one.
In the end, how sophisticated the campaign is doesn’t matter to developers, adding that malicious packages are a growing danger on NPM, PyPI, and GitHub.
“Such availability makes supply chain attacks — once the province of well-resourced and sophisticated, nation-state or cybercriminal groups — accessible to low-skill malicious actors and ‘script kiddies,’” Valentić wrote, making it more dangerous that complex campaigns like the one targeting SolarWinds in 2020. “That’s because it shows that the supply chain attack door is now open to low-stakes actors, who may fool incautious developers and infiltrate development pipelines in ways that reverberate far and wide.”
Recent Articles By Author