Hidden Malicious Packages in PyPI | FortiGuard Labs

Affected platforms: All platforms where PyPI packages can be installed
Impacted parties: Any individuals or institutions that have these malicious packages installed
Impact: Leak of credentials, sensitive information, etc.
Severity level: High

The FortiGuard Labs team has identified a malicious PyPI package affecting all platforms where PyPI packages can be installed. This discovery poses a significant risk to individuals and institutions that have installed these packages, potentially leading to the leakage of credentials and sensitive information. Given the high severity of this threat, it is crucial to focus on this specific PyPI package. This report discusses its potential impacts and emphasizes the importance of diligent security practices in managing software dependencies.

On July 3, the Fortinet AI-driven OSS malware detection system identified a malicious package named zlibxjson version 8.2, published on June 29, 2024. This package contained a malicious URL that downloaded various files, including an executable (.exe) file packed with PyInstaller. The .exe file was unpacked to retrieve .pyc files, which were then decompiled into Python (.py) files. Among the numerous Python and DLL files discovered, three were particularly problematic:

Discord_token_grabber.py
get_cookies.py
password_grabber.py.

These files are designed to steal sensitive information, such as Discord tokens, browser cookies, and stored passwords. We examine each of these files in the following sections.

The First Malicious File: discord_token_grabber.py

The provided code is malicious for several reasons, but primarily because it aims to steal sensitive information from Discord users and send it to an external server controlled by the attacker.

1. Token Extraction:

The code extracts Discord tokens from the user’s local machine by searching for patterns that match token formats in local files. Tokens are used to authenticate users with Discord’s API. Stealing these tokens allows an attacker to gain unauthorized access to the victim’s Discord account. The class `extract_tokens` performs this search in local application data directories using regular expressions. The tokens are then validated and decrypted if necessary.

2. Decryption of Stored Data:

The code includes functionality to decrypt stored passwords and tokens using the system’s master key. This allows the attacker to access sensitive data stored securely by the system.

3. Data Exfiltration:

The code sends the extracted tokens and other user information to the attacker’s server by making HTTP requests to Discord’s API endpoints. It gathers user profile information, billing details, guild memberships, and gift codes. The collected data is then formatted and sent to an external server, enabling the attacker to use or sell the stolen information. The `fetch_tokens` class collects this wide range of information using the stolen tokens.

4. Persistence and Evasion:

The code includes retry mechanisms and various methods to ensure it can continue its operations even if some attempts fail. The collected data is then formatted and sent to an external server or presented in a format that can be easily sent to the attacker.

The Second Malicious File: get_cookies.py

This file includes some critical malicious activities, including cookies theft, decryption of stored data, and data exfiltration,

1. Cookie Theft:

The code’s primary purpose is to steal cookies from various web browsers, such as Chrome, Firefox, Brave, and Opera. Cookies often contain sensitive information like session tokens, login credentials, and other personal data. The code also accesses and copies browser data directories without user consent, indicating a clear malicious intent.

2. Decryption of Stored Data:

The code decrypts stored cookies using the system’s master key, which is extracted from the browser’s local state files. This involves decrypting data that is typically securely stored. It unlocks encrypted cookie data, bypassing security mechanisms that protect user information.

3. Data Exfiltration:

The decrypted cookies are saved to a file named `cookies.txt` located in the user’s directory (`C:Users{getuser()}cookies.txt`), a tactic commonly used to collect and later exfiltrate sensitive data. This indicates an intent to gather and potentially transfer sensitive information. Additionally, the code creates temporary directories and files, possibly to hide its activities and ensure persistence.

The Third Malicious File: password_grabber.py

The provided code is malicious. It is designed to steal saved passwords from web browsers, specifically Google Chrome and Microsoft Edge, and decrypt them for unauthorized access. Here’s a detailed analysis of why this code is malicious:

Detailed Analysis:

The functions `get_passwords_edge()` and `main()` access the databases where Chrome and Edge store login data to extract encrypted passwords. The code copies the `Login Data` file used by Chrome and Edge to a local file (`ChromeData.db`) to read its contents without locking issues. After extracting the encrypted passwords, the code decrypts them using the browser’s encryption key. The extracted and decrypted data, including URLs, usernames, and passwords, are stored in a dictionary that can be sent to an attacker or saved for misuse. The code then removes the copied database file to clean up traces. Specific malicious elements include unauthorized access to browser data directories, decryption of sensitive data, and the potential exfiltration of collected passwords to an external server or attacker-controlled location.

Conclusion

The identified malicious packages in PyPI are designed to steal sensitive information by accessing and decrypting stored data from web browsers, such as passwords and cookies. These actions can lead to unauthorized access to user accounts and the exfiltration of personal data, clearly classifying the software as malicious. It is crucial to remain vigilant and use detection systems like AI-driven OSS malware detection to identify and mitigate such threats, ensuring user privacy and security are maintained.

Fortinet Protections

FortiGuard AntiVirus detects the malicious files identified in this report as

Discord_token_grabber.pyc: <Python/Agent.OT!tr>
Get_cookies.pyc:<Python/Agent.AZH!tr>
Password_grabber.pyc: <Python/Agent.BG!tr>
MinGCC-x64.exe:<Python/Stealer.804C!tr.pws>

The FortiGuard AntiVirus service is supported by FortiGate, FortiMail, FortiClient, and FortiEDR. Customers running current AntiVirus updates are protected.

TheFortiGuard Web Filtering Service detects and blocks the download URLs cited in this report as Malicious.

The FortiDevSec SCA scanner detects malicious packages, including those cited in this report that may operate as dependencies in users’ projects in test phases, and prevents those dependencies from being introduced into users’ products.

If you believe these or any other cybersecurity threat has impacted your organization, please contact ourGlobal FortiGuard Incident Response Team.

IOCs