Researchers from ReversingLabs have discovered a malicious PyPI package that impersonates the official SentinelOne SDK. The package offers a simple way to access and use SentinelOne's APIs, but it also carries malicious code that can extract SSH keys, credentials, configuration and host files, as well as AWS and Kubernetes configuration information.
The package itself, named SentinelOne, was uploaded to PyPI on December 11 and was updated 20 times over the next two days. It has since been taken down, but by then it had been downloaded more than 1,000 times. ReversingLabs has dubbed the campaign SentinelSneak.
As for the functionality of the malicious package, the malicious code did not execute upon installation. Instead, the package waited to be called programmatically before activating and extracting data, in a bid to avoid detection.
What piqued ReversingLabs' interest, though, were two api.py files containing the malicious code that extracted the targeted information and sent it back to an IP address not related to SentinelOne. However, the researchers could not determine whether the malware or its command and control (C2) centre was used in active attacks.
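The behaviour described above, code that stays dormant at install time and only reads credential files when called, is exactly what an install-time sandbox misses and a static check can still catch. The following scanner is an added example, not ReversingLabs' tooling or the article's own code: it parses each module of an untrusted package with Python's `ast` module and flags any module that both names credential paths (SSH, AWS, Kubernetes) and imports a network-capable module. The sample package it runs on is constructed for illustration and is not the real malicious package.

```python
import ast
import re

# Strings that point at the kinds of secrets the package described above collected.
SENSITIVE_PATHS = re.compile(r"\.ssh|\.aws|\.kube|id_rsa|credentials|/etc/hosts", re.I)
# Modules that give a package a way to talk to an outside host.
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "httpx", "aiohttp"}


def scan_module(source: str) -> dict:
    """Parse one module without running it: which secret paths it names and
    which network modules it imports. Code that only fires when called
    (as in this campaign) is still visible to this check."""
    tree = ast.parse(source)
    paths, net = set(), set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if SENSITIVE_PATHS.search(node.value):
                paths.add(node.value)
        elif isinstance(node, ast.Import):
            net.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            net.add(node.module.split(".")[0])
    net &= NETWORK_MODULES
    return {"sensitive_paths": sorted(paths), "network_modules": sorted(net),
            "suspicious": bool(paths and net)}


def scan_package(files: dict) -> list:
    """Names of modules that both name secrets and can reach the network."""
    return [name for name, src in files.items() if scan_module(src)["suspicious"]]


# Constructed sample package (hypothetical, not the real one): a plain SDK
# wrapper plus a module shaped like the api.py the researchers describe.
SAMPLE_PACKAGE = {
    "client.py": "import json\ndef get_agents(token):\n    return json.dumps({'token': token})\n",
    "api.py": (
        "import os, requests\n"
        "TARGETS = ['~/.ssh/id_rsa', '~/.aws/credentials', '~/.kube/config']\n"
        "def sync(endpoint):\n"
        "    # nothing runs at import time; only when sync() is called\n"
        "    requests.post(endpoint, json=TARGETS)\n"
    ),
}

if __name__ == "__main__":
    for name, src in SAMPLE_PACKAGE.items():
        print(name, scan_module(src))
    print("flagged:", scan_package(SAMPLE_PACKAGE))  # flagged: ['api.py']
```

The heuristic is deliberately coarse (a legitimate cloud SDK will also name ~/.aws), so treat a hit as a reason to read the module, not as a verdict.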
This campaign is one of the latest examples of typosquatting attacks targeting open-source package repositories such as PyPI, npm, Ruby, GitHub and NuGet to push malicious code. Threat actors create fake, malicious packages and upload them in the hope of tricking developers into installing them.
According to ReversingLabs' State of Software Supply Chain Security 2022-23 report, 1,493 malicious packages were reported on PyPI in the first ten months of 2022, compared with just eight in 2020. npm, by contrast, saw an almost 60% drop in malicious package uploads this year, down from 3,685 in 2021.