A backdoor in a public repository used a new form of attack to target large companies

A backdoor that researchers found hidden in open source code targeting four German companies was the work of a professional penetration tester. The tester was verifying customers’ resiliency against a new class of attack that leverages public repositories used by millions of software projects worldwide. But it could have been bad. Very bad.

Dependency confusion is a new form of supply chain attack that came to the fore in March 2021, when a researcher demonstrated he could use it to run unauthorized code of his choosing on networks owned by Apple, Microsoft and 33 other companies. The researcher, Alex Birsan, received $130,000 in bug bounties and credits for developing the new form of attack.

A few weeks later, another researcher uncovered evidence showing that Amazon, Slack, Lyft, Zillow, and other companies had been targets of attacks using the same technique. The spread of more than 200 malicious packages in the wild indicated that the attack engineered by Birsan appealed to real-world threat actors.

It’s not the addiction you’re looking for

Dependency confusion exploits companies’ reliance on open source code available from repositories such as NPM, PyPI, or RubyGems. In some cases, the company’s software will automatically connect to these sources to retrieve the code libraries needed to run the application. Other times, developers store these so-called dependencies internally. As the name suggests, dependency confusion works by tricking a target into downloading the library from the wrong place, a public source rather than an internal source.

To achieve this, hackers scour JavaScript code, accidentally released internal packages, and other sources to discover the names of code dependencies stored internally by the targeted organization. Hackers then create a malicious dependency and host it on one of the public repositories. By giving the malicious package the same name as the internal package and using a higher version number, some targets will automatically download it and update the software. With this, the hackers managed to infect the software supply chain the targets rely on and trick the target or its users into executing malicious code.

Over the past few weeks, researchers from two security firms tracked code dependencies that used maintainer and package names that closely resembled those that might be used by four German companies in the media, logistics, and logistics sectors. and industry. The package names and corresponding maintainer names were:

Based on these names, the researchers deduced that the packages were designed to target Bertelsmann, Bosch, Stihl and DB Schenk.

Inside each package was obfuscated code that obtained the target’s username, hostname, and file contents from specific directories and extracted them over HTTPS and DNS connections. The malicious package would then install a backdoor that would point to a command and control server operated by the attacker to retrieve instructions, including:

  • Download file from C2 server
  • Upload file to C2 server
  • Evaluate arbitrary JavaScript code
  • Run a local binary
  • Delete and end the process
  • Register the backdoor on the C2 server

Researchers from JFrog and ReversingLabs, the two security companies that independently discovered the malicious packages, quickly discovered that they were part of the same family as that security company’s malicious packages. Snyk found last month. Although Snyk was the first to spot the files, he did not have enough information to identify the intended target.


Wednesday, just hours before JFrog and ReversingLabs were to blog here and herea penetration testing store named Code White took credit for the parcels.

“Tnx for your excellent analysis,” the company said in a Tweeter which addressed Snyk and quoted his blog post from last month. “And don’t worry, the ‘malicious actor’ is one of our interns 😎 who was tasked with researching dependency confusion as part of our ongoing attack simulations for customers. To clarify your questions: we’re trying to emulate realistic threat actors for dedicated clients as part of our security intelligence department and we’ve brought our ‘own’ package manager that supports thread and npm.”

In a direct message, Code White CEO David Elze said the company’s intern created and released the packages as part of a legitimate penetration testing exercise explicitly authorized by the companies involved.

“We do not release the names of our customers, but specifically I can confirm that we are legally engaged by the companies involved and acting on their behalf to simulate these realistic attack scenarios,” Elze said.

Code White’s involvement means that the dependency confusion attacks discovered by Snyk and later observed by JFrog and ReversingLabs were not a sign that actual exploits of this vector are on the rise. Still, it would be a mistake to think that this attack class is never used in the wild and never will be.

In March, the security company Sonatype malicious packages discovered published on npm which targeted Amazon, Slack, Lyft and Zillow. These packages did not contain any disclaimer indicating that they were part of a bug bounty program or a benign proof-of-concept exercise. Additionally, the packages have been programmed to exfiltrate sensitive user information, including bash history and the contents of /etc/shadow, the directory where Linux user password data is stored. In some cases, packages also opened a reverse shell.

JFrog has also spotted malicious attacks in the wild, including the previously mentioned presence of over 200 packages on npm for various Azure projects that stole personal information from developer computers.

This means that even if this latest discovery was a false alarm, malicious dependency confusion attacks To do occur in the wild. Given the disastrous consequences that could follow from a success, organizations should spend time testing their systems or use the services of companies like Snyk, JFrog, ReversingLabs or Sonatype, which monitor all vulnerabilities and exploits in open ecosystems. source.

Comments are closed.