Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

Posted by admin on December 19, 2022 in Information Security

Dec 19, 2022 | Ravie Lakshmanan | Software Security / Supply Chain

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak.

The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days.

It claims to offer an easier method to access the company’s APIs, but harbors a malicious backdoor that’s engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data.

What’s more, the threat actor has also been observed releasing two more packages with similar naming variations – SentinelOne-sdk and SentinelOneSDK – underscoring the continued threats lurking in open source repositories.
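A dependency-list check a defender might run against this kind of naming variation, added here as an example (it is not code from the article or from ReversingLabs): it flags requirement names outside an organisation's allowlist that carry a watched vendor brand or closely resemble an approved package, and it shows that the two variants named above are distinct PyPI projects under PEP 503 name normalization yet collide once separators are dropped. The allowlist entry `acme-sdk`, the brand watchlist and the sample requirements are constructed for the demonstration.

```python
import re
from difflib import SequenceMatcher

def pep503_normalize(name: str) -> str:
    """PyPI's name normalization: names equal after this are the SAME project."""
    return re.sub(r"[-_.]+", "-", name).lower()

def skeleton(name: str) -> str:
    """Drop separators: 'SentinelOne-sdk' and 'SentinelOneSDK' (distinct on PyPI) collide."""
    return re.sub(r"[-_.]", "", name).lower()

def requirement_name(line: str) -> str:
    """Project name from a requirements line like 'pkg[extra]>=1.0 ; marker'."""
    return re.split(r"[\[<>=!~;@ ]", line.strip(), maxsplit=1)[0]

def lookalike_groups(names):
    """Sets of distinct PyPI projects whose names share a skeleton."""
    groups = {}
    for n in names:
        groups.setdefault(skeleton(n), set()).add(pep503_normalize(n))
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def audit_requirements(lines, approved, watch_brands, threshold=0.75):
    """Flag unapproved requirements carrying a watched brand or resembling an approved name."""
    approved_norm = {pep503_normalize(p) for p in approved}
    approved_skel = {skeleton(p): p for p in approved}
    findings = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name = requirement_name(line)
        if pep503_normalize(name) in approved_norm:
            continue  # allowlisted (same PyPI project under normalization)
        skel = skeleton(name)
        brand = next((b for b in watch_brands if b in skel), None)
        if brand:
            findings.append((name, f"unapproved package using vendor brand '{brand}'"))
            continue
        ratio, closest = max((SequenceMatcher(None, skel, s).ratio(), p)
                             for s, p in approved_skel.items())
        if ratio >= threshold:
            findings.append((name, f"resembles approved '{closest}' ({ratio:.2f})"))
    return findings

# Constructed sample: the three names from the article plus made-up packages;
# 'acme-sdk' is a hypothetical approved package, not a real one.
SAMPLE_REQUIREMENTS = ["requests==2.28.1", "SentinelOne==0.0.1", "SentinelOne-sdk",
                       "SentinelOneSDK>=1.0", "acme_sdk~=2.0", "acme-sdk-lite"]
APPROVED = {"requests", "acme-sdk"}
WATCH_BRANDS = {"sentinelone"}
```

Running `audit_requirements(SAMPLE_REQUIREMENTS, APPROVED, WATCH_BRANDS)` flags the three SentinelOne-branded names and the near-duplicate `acme-sdk-lite`, while `acme_sdk` passes because PyPI already treats it as the approved `acme-sdk`.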

“The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like ‘typosquatting’ to exploit developer confusion and push malicious code into development pipelines and legitimate applications,” ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.

What’s notable about the fraudulent package is it mimics a legitimate SDK that’s offered by SentinelOne to its customers, potentially tricking developers into downloading the module from PyPI.

[Image: Malicious PyPI package]

The software supply chain security company noted that the SDK client code may have been “likely obtained from the company by way of a legitimate customer account.”

Some of the data exfiltrated by the malware to a remote server include shell command execution history, SSH keys, and other files of interest, indicating an attempt on the part of the threat actor to siphon sensitive information from development environments.

It’s not immediately clear if the package was weaponized as part of an active supply chain attack, although it has been downloaded more than 1,000 times prior to its removal.

The findings come as ReversingLabs’ State of Software Supply Chain Security report found that the PyPI repository has witnessed a nearly 60% decrease in malicious package uploads in 2022, dropping to 1,493 packages from 3,685 in 2021.

By contrast, the npm JavaScript repository saw a 40% increase to nearly 7,000, making it the “biggest playground for malicious actors.” In all, rogue package trends since 2020 have exhibited a 100-fold rise in npm and more than 18,000% in PyPI.

“Though small in scope and of little impact, this campaign is a reminder to development organizations of the persistence of software supply chain threats,” Zanki said. “As with previous malicious campaigns, this one plays on tried and true social engineering tactics to confuse and mislead developers into downloading a malicious module.”
