4 min read

Malicious Python Repository Package Drops Cobalt Strike on Windows, macOS & Linux Systems

The PyPI "pymafka" package is the latest example of growing attacker interest in abusing widely used open source software repositories.

Public repositories of open source code are a critical part of the software supply chain that many organizations use to build applications. They are therefore an attractive target for adversaries seeking to distribute malware to a mass audience.

The latest case in point is a malicious package for distributing Cobalt Strike on Windows, macOS, and Linux systems, which was uploaded to the widely used Python Package Index (PyPI) registry for Python application developers. The "pymafka" package has a name that's very similar to "PyKafka," a popular Apache Kafka client for Python that has been downloaded more than 4.2 million times so far.

More than 300 users were tricked into downloading the malicious package, thinking it was the legitimate code, before researchers at Sonatype discovered the issue and reported it to the PyPI registry. It has since been removed, but applications that incorporated the malicious script remain a threat.

"The number of downloads for the malicious package include automated downloads initiated by mirrors and bots in addition to user-initiated downloads," says Ax Sharma, security researcher at Sonatype.

According to him, downloads involving users mistakenly typing “pymafka” instead of “pykafka”  likely were fewer than 100 in number. "Intuitively, it may seem the impact from a typosquatting attack is limited to a single user making the spelling error," he says. "But things get complicated when a developer misspells a dependency name in their library, and their library is further being used as a dependency within other third-party software projects," he says. The users of these other applications may then automatically be infected with the typosquatted project, without having taken any action or making a mistake.

Second Typosquatting Incident in a Month

The incident marks the second typo-squatting incident involving the Apache Kafka project that Sonatype researchers uncovered this month. Earlier, they discovered a package on PyPI that had the same name as a Kafka-related Python project on GitHub called "karaspace." Though the malicious package on PyPI had the same name as the legitimate project, it was designed to steal IP addresses, user names, and other information for fingerprinting devices on which the package was installed.

In a blog Friday, Sonatype described pymafka as designed to detect the platform on which it is installed and then embed an OS-appropriate version of a Cobalt Strike beacon on the device. Cobalt Strike is often used maliciously for lateral movement within a target network environment.  

Sonatype said it observed the executables being downloaded from an IP address associated with cloud-hosting provider Vultr. Once installed on a system, the beacon attempts to communicate with a China-based IP address assigned to Alibaba. 

"Less than a third of antivirus engines detected the samples as malicious at the time of our submission to VirusTotal, although that's still a better detection rate than the zero-detections seen in some of our earlier discoveries," according to Sonatype.

Blind Trust

The pymafka incident is the latest in a growing number of security incidents involving PyPI and other public repositories. For instance, last November researchers from JFrog discovered 11 malicious Python packages on PyPI. In July, they discovered malicious PyPI packages attempting to steal credit-card data and other information from some 30,000 systems on which the packages had been installed. The same month, a Japanese researcher reported a security issue that gave attackers a way to remotely execute malicious code on the registry.

"Developers are blindly trusting repositories and installing packages from these sources, assuming they are secure," JFrog warned last year. "Sometimes malware packages are allowed to be uploaded to the package repository, giving malicious actors the opportunity to use repositories to distribute viruses and launch successful attacks on both developer and [continuous integration/continuous delivery] CI/CD machines in the pipeline."

Concerns over the growing attacker interest in public repositories have prompted several security initiatives at PyPI in recent years. These include the addition of two-factor authentication as a log-in option and API tokens for uploading software to the registry, a dependency resolver to ensure the pip package installer installs the right versions of package dependencies, and creating databases of known Python vulnerabilities in PyPI projects.

Concerns over software supply-chain security has prompted other, more strategic initiatives as well. Earlier this month, the National Institute of Standards and Technology (NIST) updated its cybersecurity guidance with new recommendations for addressing risks in the software supply chain. MITRE, too, has released a prototype framework called System of Trust that organizations can use to evaluate the security practices of service providers and suppliers in the software supply chain.