New Supply Chain Attack Threatens Thousands of Python Packages
Cybersecurity firm JFrog has identified a novel attack method that poses a serious threat to the Python Package Index (PyPI) repository, affecting over 22,000 software packages and potentially endangering a vast number of users. Dubbed “Revival Hijack,” this technique exploits a policy loophole, allowing malicious actors to re-register and seize package names that have been removed by original developers.
Revival Hijack relies on what happens after a popular package is removed from PyPI. Once a package is deleted, its name becomes available for anyone to claim, and attackers can exploit this by uploading malicious versions under that name. Users, often unaware of the change, may mistakenly download these harmful versions, believing them to be legitimate software.
JFrog’s technical analysis disclosed that this vulnerability leaves hundreds of thousands of users at risk of unintentionally downloading trojanized packages. Unlike traditional typosquatting, which preys on users who misspell package names, Revival Hijack hinges on the opportunistic re-registration of packages that have been abandoned by their maintainers.
To substantiate the feasibility of this attack method, JFrog executed a controlled experiment. The researchers created a package, subsequently removed it, and then re-registered it under a different user identity. They found that the re-registered package appeared to users as a legitimate update, devoid of any warnings from the package manager.
In one instance, on April 12, 2024, JFrog detected abnormal activity involving the ‘pingdomv3’ package. This package had a new owner who released an update that seemed harmless, only to later issue a version that included a suspicious, Base64-obfuscated payload. Prompt investigations ensued, culminating in the removal of the malicious package by PyPI’s maintainers.
While JFrog’s proactive measures have successfully thwarted potential exploits from nefarious actors, the situation remains concerning. The firm reported that even with their interventions—such as reserving critical packages and maintaining safe copies—thousands of downloads of the reserved packages occurred within just a few days after the attack’s revelation.
Henrik Plate, a security researcher at Endor Labs, emphasized the tangible nature of this risk, noting that the immediate danger is amplified by the popularity of the affected packages. He pointed out that the speed at which attackers can revive harmful packages could indicate active surveillance of PyPI for vulnerabilities, aligning with tactics outlined in the MITRE ATT&CK framework, particularly those involving initial access and persistence.
Plate classified the issue of reviving deleted packages under "Dangling Reference" attacks as identified by the Endor Labs Risk Explorer. He underscored the necessity for robust security protocols within package registries, referencing principles established by the OpenSSF to bolster defenses against such attacks. Employing internal package registries can serve as a safeguard for developers against package deletions, ensuring continued access while requiring stricter vetting for new versions to mitigate the risk of incorporating malicious code.
In response to the risks posed by Revival Hijack, JFrog has alerted the PyPI security team, advocating for stricter policies to disallow the reuse of package names. They urge users to remain vigilant and to configure their CI/CD systems to prevent attempts to install any packages removed from PyPI.
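One way to apply the CI/CD recommendation above, as an added example that is not JFrog's or PyPI's tooling: a pre-install gate that compares each name in a requirements file against a list of names known to have been removed from PyPI. The denylist contents (apart from `pingdomv3`), the sample file and the function names are assumptions made for illustration.

```python
import re
import sys

# Constructed denylist an organisation would maintain itself. Only
# "pingdomv3" is named in the article; the other entry is a placeholder.
REMOVED_FROM_PYPI = {"pingdomv3", "example-removed-pkg"}

_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503: names compare case-insensitively; runs of - _ . are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_names(text):
    """Yield (line_number, normalized_name) for each requirement line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith(("#", "-")):  # comments, pip options
            continue
        match = _NAME.match(line)
        if match:
            yield number, normalize(match.group(1))


def find_blocked(text, blocked=REMOVED_FROM_PYPI):
    """Return requirement lines whose name is on the removed-names list."""
    blocked = {normalize(b) for b in blocked}
    return [(n, name) for n, name in requirement_names(text) if name in blocked]


# Constructed sample input, not taken from any real project.
SAMPLE = """\
# constructed requirements file
requests==2.31.0
PingdomV3>=0.0.1   # same project name, different casing
Example_Removed.Pkg[extra]==1.0 ; python_version >= "3.8"
-r other.txt
flask
"""

if __name__ == "__main__":
    # With a path argument, act as a CI gate; without one, show the sample.
    gate = len(sys.argv) > 1
    text = open(sys.argv[1], encoding="utf-8").read() if gate else SAMPLE
    hits = find_blocked(text)
    for number, name in hits:
        print(f"line {number}: '{name}' is on the removed-from-PyPI list")
    sys.exit(1 if hits and gate else 0)
```

Names are normalized before comparison because the package index treats `PingdomV3` and `pingdomv3` as the same project, so a plain string match on the requirements file would miss a revived name written with different casing or separators.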
The ongoing risks associated with supply chain vulnerabilities underscore the critical importance of vigilance and proactive measures in safeguarding software development and deployment. As the landscape of cybersecurity continues to evolve, stakeholders must adapt their strategies to anticipate and mitigate these emerging threats effectively.