DOI: 10.1145/3605770.3625212
Research article

The Hitchhiker's Guide to Malicious Third-Party Dependencies

Published: 26 November 2023

Abstract

The increasing popularity of certain programming languages has spurred the creation of ecosystem-specific package repositories and package managers. Such repositories (e.g., npm, PyPI) serve as public databases that users can query to retrieve packages for various functionalities, whereas package managers automatically handle dependency resolution and package installation on the client side. These mechanisms enhance software modularization and accelerate implementation. However, they have become a target for malicious actors seeking to propagate malware on a large scale. In this work, we show how attackers can leverage capabilities of popular package managers and languages to achieve arbitrary code execution on victim machines, thereby realizing open-source software supply chain attacks. Based on the analysis of 7 ecosystems, we identify 3 install-time and 4 runtime techniques, and we provide recommendations describing how to reduce the risk when consuming third-party dependencies. We provide example implementations that demonstrate the identified techniques. Furthermore, we describe evasion strategies employed by attackers to circumvent detection mechanisms.
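As an added illustration of the install-time attack surface the abstract describes (this is example code, not code from the paper or from any package manager project): a small auditor that lists the lifecycle scripts in a package.json that npm runs automatically during installation and flags commands matching a watch list of patterns. The hook names are npm's documented lifecycle scripts; the watch list and both sample manifests are constructed for the example and are heuristic.

```python
"""Audit a package.json for scripts that npm runs automatically at install time."""
import json

# npm lifecycle scripts that execute during `npm install` of a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Constructed watch list: substrings that often mean a hook fetches or
# evaluates code rather than, say, compiling a native addon. Heuristic only.
SUSPICIOUS = ("curl ", "wget ", "node -e", "eval", "http://", "https://", "base64")


def audit_manifest(manifest_text):
    """Return [(hook, command, matched_patterns)] for each install-time hook.

    An empty pattern list means the hook exists but matched nothing; the
    caller should still review it. A malformed manifest raises ValueError so
    a CI check fails closed instead of silently reporting "no hooks".
    """
    try:
        pkg = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"invalid package.json: {exc}") from exc
    scripts = pkg.get("scripts") or {}
    findings = []
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue  # hook absent (or not a string, which npm would reject)
        findings.append((hook, cmd, [p for p in SUSPICIOUS if p in cmd]))
    return findings


# Constructed sample manifests; neither corresponds to a real package.
BENIGN = json.dumps({"name": "sample-benign", "version": "1.0.0",
                     "scripts": {"test": "mocha", "prepare": "husky install"}})
HOOKED = json.dumps({"name": "sample-hooked", "version": "0.0.1",
                     "scripts": {"postinstall":
                                 "node -e \"require('https').get('https://example.invalid/p')\""}})

if __name__ == "__main__":
    for name, text in (("benign", BENIGN), ("hooked", HOOKED)):
        for hook, cmd, hits in audit_manifest(text):
            verdict = "SUSPICIOUS" if hits else "review"
            print(f"{name}: {hook}: {cmd!r} -> {verdict} {hits}")
```

Running `npm install --ignore-scripts` disables these hooks for the whole install; the audit output helps decide whether that blunt setting, or a per-package exception, is the right policy for a given dependency tree.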


    Published In

    SCORED '23: Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses
    November 2023, 111 pages
    ISBN: 9798400702631
    DOI: 10.1145/3605770

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. malware detection
    2. open-source security
    3. supply chain attacks

    Qualifiers

    • Research-article

    Funding Sources

    • Sec4AI4Sec
    • AssureMOSS

    Conference

    CCS '23
