More Supply Chain Attacks via Malicious Python Packages | FortiGuard Labs

The FortiGuard Labs team discovered over 30 new zero-day attacks in PyPI packages (Python Package Index). These were found between late March and late April by monitoring an open-source ecosystem. In this blog, we will cover all the packages that were found, grouping them into similar attacks or behavior. Some of these sets may have been shown in a previous blog.

1. The packages in the following set were found to be similar:

  • tls-bypass (version 1.0)
  • zproxy (version 1.0)
  • stripe-client (version 1.0)
  • stripepy (version 1.0)
  • proxycpz (version 1.0)
  • pycolorstrex (version 1.0)
  • pyproxyx (version 1.0)
  • colored-fidget (version 1.0)

As explained in our last blog, the setup.py file in these packages tries to execute a Python script that connects to a URL which may serve malicious code.

2. The next set of packages includes:

  • ailzyn1tr0 (version 1.0)
  • oauth20-api (version 1.0)
  • bogdi (version 1.0)

The setup.py file in these packages tries to steal information such as credit card details, wallets, and account logins, exfiltrating it through a Discord webhook.

3. This set includes the following package:

  • async-box (version 1.4.7)

The setup.py file in this package tries to download a zip file to a directory (depending on the Python version), extract its contents, run a script contained in the zip file, and then remove its directory.

4. This set includes the following package:

  • seleniumunclickable (version 1.0.1)

The setup.py file in this package connects to a URL to download and run a potentially malicious script.

5. This set includes the following package:

  • pyobfexecute (versions 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5)

Its setup.py file tries to execute the encoded data shown in Figure 5.

The decoded data (shown below) connects to a URL, writes the retrieved, potentially malicious data to a Python script, runs that script, and then removes it.

6. The packages in this set include:

  • compilecls (versions 1.0.2, 1.0.3)
  • randgenlib (version 1.0.2)
  • pipcoloringlibary (version 1.0.0)
  • pipcoloringliberyV2 (version 1.0.0)
  • pythoncolourlibraryV1 (version 1.0.0)

Similar to set two, these packages try to steal sensitive information such as wallets, login information, cookies, etc., using a webhook. Their code includes a GitHub link to https://github.com/Inplex-sys/BlackCap-Grabber-NoDualHook, indicating that it may be a variant of the BlackCap webhook stealer. It also includes additional features, such as virtual machine detection and evasion, hiding itself, and injection techniques. This time, the malicious code is found in __init__.py.

7. The seventh set includes:

  • aietelegram (version 0.3)
  • social-scapper (version 3.6)
  • quick-telegram-sender (version 0.7)
  • libidreq (version 0.1)
  • setnetwork (version 0.3)
  • tg-bulk-sender (version 2.3)
  • social-scrappers (version 2.3)
  • tiktok-phone-cheker (version 2.42)
  • cloud-client (version 1.34)
  • cloudfix (versions 0.0.0, 2)

Examining the setup.py file in these packages, we found that it tries to run the encoded data shown below. Once decoded, we see that it creates and runs an executable file that accesses and exfiltrates sensitive data.

8. This set includes the following package:

  • roblopython (version 2.0.15)

This package’s setup.py file executes encoded data, as shown in Figure 11. Once decoded (Figure 12), we see that it tries to retrieve potentially malicious data—most likely an executable—from a URL, write it to a file, and then run that file.

9. This set includes the following package:

  • pycalculate (version 1.0.0)

This package contains multiple layers of obfuscation in its setup.py file, as shown in Figure 12. While it could not fully run, it still dropped a script named ‘WindowsDefender.py,’ which provides clues that it will execute a potentially malicious script that it retrieved from a file-sharing website, as shown in Figure 13.
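The behaviours described across sets one to nine share a small set of install-time tells: network imports in setup.py, exec() of decoded data, hard-coded Discord webhook URLs, and a run-then-delete sequence. The following static triage script, written for this article as an added example and not FortiGuard's or any project's own tooling, parses a setup.py or __init__.py with Python's ast module and tags those patterns; the sample sources, the tag names and the module and callee lists are constructed assumptions.

```python
import ast
import re

# Module roots that a setup.py which only declares metadata has no reason to import.
NETWORK_MODULES = {"urllib", "requests", "socket", "http", "httpx"}
PROCESS_MODULES = {"subprocess", "os", "shutil"}
# Callee prefixes typical of drop-run-delete behaviour (run a dropped file, then remove it).
DROP_RUN_CALLS = ("subprocess.", "os.system", "os.startfile", "os.remove", "shutil.rmtree")
WEBHOOK_RE = re.compile(r"https?://[\w.-]*discord(?:app)?\.com/api/webhooks/", re.I)
ENCODED_RE = re.compile(r"b64decode|decompress|fromhex|\.decode\(")


def scan_source(src: str, filename: str = "setup.py") -> list[str]:
    """Return sorted, de-duplicated finding tags; an empty list means nothing matched."""
    findings = set()
    for node in ast.walk(ast.parse(src, filename=filename)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            names = [a.name for a in node.names] if isinstance(node, ast.Import) else [node.module or ""]
            for root in (n.split(".")[0] for n in names):
                if root in NETWORK_MODULES:
                    findings.add(f"network-import:{root}")
                elif root in PROCESS_MODULES:
                    findings.add(f"process-import:{root}")
        elif isinstance(node, ast.Call):
            callee = ast.unparse(node.func)
            if callee in ("exec", "eval"):
                arg = ast.unparse(node.args[0]) if node.args else ""
                findings.add("exec-of-encoded-data" if ENCODED_RE.search(arg) else "dynamic-exec")
            elif callee.startswith(DROP_RUN_CALLS):
                findings.add(f"drop-run-delete:{callee}")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if WEBHOOK_RE.search(node.value):
                findings.add("discord-webhook-url")
    return sorted(findings)


# Constructed sample mirroring sets 5 and 8: decode-and-exec, fetch, run a dropped file, delete it.
SAMPLE_SETUP_PY = '''
import base64, os, subprocess
from urllib.request import urlopen
exec(base64.b64decode("cHJpbnQoJ2hlbGxvJyk="))  # decodes to print('hello'); harmless placeholder
subprocess.run(["python", "dropped.py"]); os.remove("dropped.py")
'''
# A metadata-only setup.py should produce no findings.
CLEAN_SETUP_PY = "from setuptools import setup\nsetup(name='example-pkg', version='1.0')\n"

if __name__ == "__main__":
    print("\n".join(scan_source(SAMPLE_SETUP_PY)) or "no findings")
```

The sample is only parsed, never executed, so the script can be pointed at an untrusted sdist extracted into a scratch directory; a non-empty tag list is a reason to inspect the package by hand, not proof of malice.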

Conclusion

As this blog shows, we are seeing more—and more different—types of malicious Python packages being loaded into an open-source ecosystem, each with a unique method of attack. Given the increasing number and variety of attacks, end users should keep an eye out for suspicious packages and take caution before using them. We will continue to report current information on malicious packages to help users avoid becoming a victim of a supply chain attack.

Fortinet Protections

FortiGuard AntiVirus detects the malicious files identified in this report as:

  • tls-bypass-1.0 setup.py: Python/Agent.QD!tr
  • zproxy-1.0 setup.py: Python/Agent.QD!tr
  • ailzyn1tr0-1.0 setup.py: Python/Agent.QD!tr
  • stripe-client-1.0 setup.py: Python/Agent.QD!tr
  • stripepy-1.0 setup.py: Python/Agent.QD!tr
  • proxycpz-1.0 setup.py: Python/Agent.QD!tr
  • pycolorstrex-1.0 setup.py: Python/Agent.QD!tr
  • pyproxyx-1.0 setup.py: Python/Agent.QD!tr
  • colored-fidget-1.0 setup.py: Python/Agent.QD!tr
  • async-box-1.4.7 setup.py: Python/Agent.QD!tr
  • seleniumunclickable-1.0.1 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.0 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.1 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.2 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.3 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.4 setup.py: Python/Agent.QD!tr
  • pyobfexecute-1.0.5 setup.py: Python/Agent.QD!tr
  • compilecls-1.0.2 __init__.py: Python/Agent.QD!tr
  • compilecls-1.0.3 __init__.py: Python/Agent.QD!tr
  • randgenlib-1.0.2 __init__.py: Python/Agent.QD!tr
  • aietelegram-0.3 setup.py: Python/Agent.QD!tr
  • pipcoloringlibary-1.0.0 __init__.py: Python/Agent.QD!tr
  • social-scrapper-3.6 setup.py: Python/Agent.QD!tr
  • quick-telegram-sender-0.7 setup.py: Python/Agent.QD!tr
  • oauth20-api-1.0 setup.py: Python/Agent.KAF
  • libidreq-0.1 setup.py: Python/Agent.QD!tr
  • roblopython-2.0.15 setup.py: Python/Agent.QD!tr
  • setnetwork-0.3 setup.py: Python/Agent.QD!tr
  • pycalculate-1.0.0 setup.py: Python/Agent.QD!tr
  • pipcoloringliberyV2-1.0.0 __init__.py: Python/Agent.QD!tr
  • pythoncolourlibraryV1-1.0.0 __init__.py: Python/Agent.QD!tr
  • tg-bulk-sender-2.3 setup.py: Python/Agent.QD!tr
  • social-scrappers-2.3 setup.py: Python/Agent.QD!tr
  • tiktok-phone-cheker-2.42 setup.py: Python/Agent.QD!tr
  • bogdi-1.0 setup.py: Python/Agent.KAF
  • cloud-client-1.34 setup.py: Python/Agent.QD!tr
  • cloudfix-0.0.0 setup.py: Python/Agent.QD!tr
  • cloudfix-2 setup.py: Python/Agent.QD!tr

The FortiGuard AntiVirus service is supported by FortiGate, FortiMail, FortiClient, and FortiEDR. Customers running current AntiVirus updates are protected.

The FortiGuard Web Filtering Service detects the download URLs cited in this report as Malicious and blocks them.

If you believe these or any other cybersecurity threat has impacted your organization, please contact our Global FortiGuard Incident Response Team.

IOCs


Malicious URLs

hxxps://paste[.]website/p/400c3e4b-a59b-4598-a199-75e848aeaae3[.]txt

hxxps://raw[.]githubusercontent[.]com/KSCHdsc/BlackCap-Inject/main/index[.]js

Source: https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-malicious-python-packages