Copy Link
Add to Bookmark
Report

NULL mag Issue 03 06 Malicious package in Python

eZine's profile picture
Published in 
null magazine
 · 4 years ago

  

Article from https://hackaday.com/2018/10/31/
when-good-software-goes-bad-malware-in-open-source/

Open Source software is always trustworthy, right? [Bertus] broke a story
about a malicious Python package called "Colourama". When used, it secretly
installs a VBscript that watches the system clipboard for a Bitcoin address,
and replaces that address with a hardcoded one. Essentially this plugin
attempts to redirects Bitcoin payments to whoever wrote the "colourama"
library.

Why would anyone install this thing? There is a legitimate package named
"Colorama" that takes ANSI color commands, and translates them to the Windows
terminal. It's a fairly popular library, but more importantly, the name
contains a word with multiple spellings. If you ask a friend to recommend a
color library and she says "coulourama" with a British accent, you might
just spell it that way. So the attack is simple: copy the original project's
code into a new misspelled project, and add a nasty surprise.

Sneaking malicious software into existing codebases isn't new, and this
particular cheap and easy attack vector has a name: "typo-squatting". But
how did this package get hosted on PyPi, the main source of community
contributed goodness for Python? How many of you have downloaded packages
from PyPi without looking through all of the source? pip install colorama?
We'd guess that it's nearly all of us who use Python.

It's not just Python, either. A similar issue was found on the NPM javascript
repository in 2017. A user submitted a handful of new packages, all
typo-squatting on existing, popular packages. Each package contained
malicious code that grabbed environment variables and uploaded them to the
author. How many web devs installed these packages in a hurry?

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT