CIO News Hubb

Researchers Discover Malicious PyPI Package Posing as SentinelOne SDK to Steal Data

by admin
December 19, 2022
in Information Security

Dec 19, 2022 | Ravie Lakshmanan | Software Security / Supply Chain

Cybersecurity researchers have discovered a new malicious package on the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne, a major cybersecurity company, as part of a campaign dubbed SentinelSneak.

The package, named SentinelOne and now taken down, is said to have been published between December 8 and 11, 2022, with nearly two dozen versions pushed in quick succession over a period of two days.

It claims to offer an easier method to access the company’s APIs, but harbors a malicious backdoor that’s engineered to amass sensitive information from development systems, including access credentials, SSH keys, and configuration data.

What’s more, the threat actor has also been observed releasing two more packages with similar naming variations – SentinelOne-sdk and SentinelOneSDK – underscoring the continued threats lurking in open source repositories.


“The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like ‘typosquatting’ to exploit developer confusion and push malicious code into development pipelines and legitimate applications,” ReversingLabs threat researcher Karlo Zanki said in a report shared with The Hacker News.

What’s notable about the fraudulent package is it mimics a legitimate SDK that’s offered by SentinelOne to its customers, potentially tricking developers into downloading the module from PyPI.
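The name confusion described above (a package named like the vendor's real SDK, plus two separator and suffix variants) is something a build pipeline can check for before `pip install` runs. The following is an added example, not code from the article, from ReversingLabs or from SentinelOne: it parses a requirements file, normalises names the way PyPI does (PEP 503), compares each against an internal allowlist of approved distribution names, flags near-miss spellings by edit distance, and groups names that differ only by separators or a trailing "sdk". The allowlist, the hypothetical `example-vendor-sdk` entry and the requirements file are constructed for the demonstration; the three SentinelOne names are the ones the article reports.

```python
import re

# Constructed allowlist of approved, PEP 503-normalised distribution names.
# "example-vendor-sdk" is a hypothetical placeholder for an organisation's
# genuinely approved vendor SDK; an organisation would keep this list in
# version control and review every change to it.
APPROVED = {"requests", "cryptography", "example-vendor-sdk"}

# Constructed requirements file: two real names, one typo lookalike
# ("cryptograpy"), the approved SDK in odd casing, and the three names the
# article reports for the impostor packages.
SAMPLE_REQUIREMENTS = """\
# app dependencies
requests==2.28.2
cryptograpy>=39.0
example_vendor_SDK~=1.4
SentinelOne
SentinelOne-sdk>=0.1
SentinelOneSDK
-r dev-requirements.txt
"""

# Trailing tokens that impostor names commonly tack onto a brand (assumed list).
SUFFIXES = ("sdk", "python", "py", "client")

REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 normalisation: fold case, collapse runs of '-', '_' and '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def skeleton(name):
    """Separator-free form, so 'foo-sdk' and 'fooSDK' compare equal."""
    return normalize(name).replace("-", "")


def family(name):
    """Skeleton with one common suffix removed: 'SentinelOne-sdk' -> 'sentinelone'."""
    s = skeleton(name)
    for suf in SUFFIXES:
        if s.endswith(suf) and len(s) > len(suf):
            return s[: -len(suf)]
    return s


def levenshtein(a, b):
    """Plain edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text):
    """Return the bare distribution names from a requirements file."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blanks, comments, -r/-e/--option lines
            continue
        m = REQ_NAME.match(line)
        if m:
            names.append(m.group(1))
    return names


def classify(name, approved=APPROVED, max_distance=2):
    """('approved', canonical) | ('lookalike', nearest approved) | ('unknown', None)."""
    norm = normalize(name)
    if norm in approved:
        return ("approved", norm)
    nearest = min(approved, key=lambda a: levenshtein(skeleton(name), skeleton(a)))
    if levenshtein(skeleton(name), skeleton(nearest)) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def audit(text, approved=APPROVED):
    """Classify every requirement; anything not 'approved' should block the build."""
    return [(n, *classify(n, approved)) for n in parse_requirements(text)]


def variant_groups(names):
    """Group names that share a family; several variants of one brand is a red flag."""
    groups = {}
    for n in names:
        groups.setdefault(family(n), []).append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for name, verdict, nearest in audit(SAMPLE_REQUIREMENTS):
        hint = f"  (closest approved: {nearest})" if verdict == "lookalike" else ""
        print(f"{verdict:9} {name}{hint}")
    for fam, members in variant_groups(parse_requirements(SAMPLE_REQUIREMENTS)).items():
        print(f"variants of '{fam}': {members}")
```

The allowlist is the real control: the three impostor names are not close to anything approved, so they surface as `unknown` rather than as lookalikes, and a pipeline that fails on anything other than `approved` stops them regardless of how the name was spelled. The edit-distance check catches typo-squats of names the organisation does use, and the family grouping makes the article's observation (one actor publishing `SentinelOne`, `SentinelOne-sdk` and `SentinelOneSDK`) visible as a single cluster.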

[Image: Malicious PyPI package]

The software supply chain security company noted that the SDK client code may have been “likely obtained from the company by way of a legitimate customer account.”

The data exfiltrated by the malware to a remote server includes shell command execution history, SSH keys, and other files of interest, indicating an attempt on the part of the threat actor to siphon sensitive information from development environments.

It’s not immediately clear if the package was weaponized as part of an active supply chain attack, although it has been downloaded more than 1,000 times prior to its removal.

The findings come as ReversingLabs’ State of Software Supply Chain Security report found that the PyPI repository has witnessed a nearly 60% decrease in malicious package uploads in 2022, dropping to 1,493 packages from 3,685 in 2021.

On the contrary, the npm JavaScript repository saw a 40% increase to nearly 7,000, making it the “biggest playground for malicious actors.” In all, rogue package trends since 2020 have exhibited a 100 times rise in npm and more than 18,000% in PyPI.

“Though small in scope and of little impact, this campaign is a reminder to development organizations of the persistence of software supply chain threats,” Zanki said. “As with previous malicious campaigns, this one plays on tried and true social engineering tactics to confuse and mislead developers into downloading a malicious module.”


© 2022 CIO News Hubb All rights reserved.