PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks

[Editor's Note: This article was updated on 8/18/2023 with a response received from Microsoft]

Microsoft's PowerShell Gallery presents a software supply chain risk because of its relatively weak protections against attackers who want to upload malicious packages to the online repository, according to researchers at Aqua Nautilus.

They recently tested the repository's policies regarding package names and owners and found that a threat actor could easily abuse them to spoof legitimate packages and make it hard for users to identify the true owner of a package.

Use With Caution

"If your organization uses PowerShell modules from the gallery, we suggest only using signed PowerShell modules, utilizing trusted private repositories, and exercising caution when downloading new modules/scripts from registries," says Yakir Kadkoda, lead security researcher at Aqua. "Second, we advise similar platforms to the PowerShell Gallery to take necessary steps to enhance their security measures. For instance, they should implement a mechanism that prevents developers from uploading modules with names too similar to existing ones."

Kadkoda says Microsoft acknowledged the issues when informed about them and claimed it had addressed two separate issues, once in February 2022 and a second time this past January. "However, we've continued to check, and these issues still exist" as of Aug. 16, he says.

Microsoft said it added functions to find and eradicate malicious packages. "We're aware of this report and have determined that it relies on social engineering to be successful. However we've implemented some changes to help identify and remove these packages," a Microsoft spokeswoman said in an emailed statement to Dark Reading after this story was published. "We encourage users to report any packages they suspect are malicious via the "Report" link on the package module."

Microsoft said it will continue to monitor for malicious activity on PowerShell Gallery and take defense-in-depth measures to keep customers protected.

PowerShell Gallery is a widely used repository for finding, publishing, and sharing PowerShell code modules and so-called desired state configuration (DSC) resources. Many of the packages on the registry are from trusted entities, such as Microsoft, AWS, and VMware, while many others are from community members. There have been more than 1.6 billion package downloads from the repository so far this year alone.

Open to Typosquatting

One issue that Aqua discovered was the lack of any kind of protection against typosquatting, a deception technique that threat actors have increasingly used in recent years to trick users into downloading malicious packages from public software repositories. Typosquatters typically use names that are phonetically similar to names of popular and legitimate packages on public repositories, such as npm, PyPI, and Maven. They then rely on users making typos when searching for these packages and downloading their malicious package instead. The technique has become a common software supply chain attack vector.

Aqua found PowerShell Gallery's policies did little to protect against such deception. For instance, the names of most Azure packages on the repository followed a specific pattern, namely, "Az.<package_name>." However, some other very popular Azure packages such as "Aztable" did not follow the pattern and did not have a dot in the name.  

Aqua found that there are no restrictions on the prefixes that package developers can use when naming their packages. For example, when Aqua's researchers crafted a nearly perfect replica of Aztable and labeled it Az.Table, they had no problem uploading the proof-of-concept (PoC) code to PowerShell Gallery. Callback code that Aqua included in the PoC showed that several hosts across various cloud services had downloaded the package in the first few hours alone.

"In our opinion, other registries have more protective measures," Kadkoda says. "For instance, npm, another registry platform by Microsoft, uses 'Moniker' rules specifically designed to combat typosquatting," he says. One example: Since a package named "react-native" already exists on npm, no one labels their module with variation such as "reactnative," "react_native," or "react.native."

Easy to Spoof Owner Identity

Another problem that Aqua uncovered with PowerShell Gallery's policies is how they allowed a threat actor to make a malicious package appear legitimate by faking crucial details such as the Author(s), Description, and Copyright fields.  "An attacker can freely choose any name when creating a user in the PowerShell Gallery," Aqua said in its blog post. "Therefore, determining the actual author of a PowerShell module in the PowerShell Gallery poses a challenging task."

Unsuspecting users who find these packages on PowerShell Gallery can easily be deceived into believing that the author of the malicious package is a legitimate entity, such as Microsoft, Aqua said.

In addition, Aqua's analysis showed that one API in PowerShell Gallery's basically gave threat actors a way to find unlisted modules on the registry — and potentially any sensitive data associated with those modules. Typically, an unlisted module is private and should not be something that an attacker would be able to find via a search of the repository. Aqua researchers found they could not only pull up such modules, they also found one that contained sensitive secrets that belonged to a large technology company.

Kadkoda says there is no evidence to suggested that threat actors have leveraged these weaknesses to sneak malicious package into PowerShell Gallery. However, the threat is real. "It's important to note that, according to Microsoft, they scan PowerShell modules/scripts uploaded to the gallery," Kadkoda says. "This is a good measure to block malicious uploads. However, it remains a cat-and-mouse game between Microsoft's solution and attackers."