By meticulously monitoring and analyzing every package published in real-time across seven diverse ecosystems (i.e., npm, PyPI, RubyGems, Nuget, Crates.io, Golang, and Maven), Phylum provides an unparalleled perspective on potential security threats targeting software packages and the developers that use them. This vigilant approach enables the detection and tracking of attacker behavior across each package registry, rendering crucial and timely insights into the strategies and mindsets of threat actors.

In our Q3 Evolution of Software Supply Chain Security Report, we highlighted an alarming surge in attack sophistication aimed at developers and package ecosystems. The landscape is riddled with multifaceted threats, ranging from broad typosquatting campaigns on Crates.io and targeted npm attacks, to malware triage inefficiencies in the Python Package Index (PyPI). This escalation in malicious activities and the diversity of the threats encountered emphasize the immediate need for broader security measures and heightened awareness within the developer community to better safeguard our software supply chains against these evolving risks.

In Q3, Phylum analyzed 203M files across 3M total packages. Across all packages analyzed this quarter, Phylum saw the following behaviors:

• 974 packages targeted specific groups or organizations 
• 10,201 packages referenced known malicious URLs 
• 85,805 packages contained pre-compiled binaries 
• 13,708 packages executed suspicious code during installation 
• 7,894 packages made requests to servers by IP address 
• 5,502 packages attempted to obfuscate underlying code 
• 370 packages enumerated system environment variables 
• 3,662 packages imported dependencies in a non-standard way 
• 1,481 packages surreptitiously downloaded and executed code from a remote source 
• 2,598 typosquat packages were identified 
• 5,033 packages were registered by authors with throwaway email accounts 
• 59,793 spam packages were published across ecosystems 

Across the board, we saw an increase in packages exhibiting behaviors congruent with malware activity compared to Q2 2023. Shockingly, we saw a 47.4% increase in packages targeting specific organizations. These packages often deliver credential-harvesting malware, or exfiltrate source code or other intellectual property. This figure follows the trend we’ve continued to see quarter over quarter: attackers are now beginning to narrow their focus. Instead of running broad typosquat campaigns, they now target specific organizations directly.

More Sophisticated and More Targeted Threats

NPM, the Javascript package registry, served approximately 24 billion downloads in a selected week. How many developers verified the integrity of the downloaded code and ensured that it didn’t contain a malicious update or outright malware? The answer is, astonishingly, nearly none of them.

From an attacker’s lens, this is the perfect space to launch an attack: a large, mostly unguarded attack surface and a user base willing to execute unknown code on their machines. This perfect storm means we expect attacks to continue to increase in sophistication and frequency merely because they are so fruitful. The campaigns detailed below should serve as the harbinger of broader attack campaigns to come, and we should prepare ourselves for things like large-scale ransomware attacks, botnet activity, and intellectual property and user data theft originating from open-source packages in the next twelve to eighteen months.

Some of the more sophisticated attacks in Q3 2023 include:

Nation State Attacks Targeting Developers

At the end of Q2 2023, Phylum was the first to uncover a series of meticulously orchestrated attacks on npm. These attacks were later attributed to North Korean state-affiliated actors by Github. These attacks continued into Q3, with campaigns against PyPI and additional attacks against npm.

These campaigns were strategically executed and highly targeted, focusing on fintech, financial institutions, and cryptocurrency. These campaigns are a far cry from the malware that dominated these ecosystems in late 2021 and early 2022. Most of the packages published during that timeframe were simple credential stealers, which you might find on Github with a “for educational purposes” disclaimer containing the most rudimentary data exfiltration capabilities.

These new campaigns are different. While we cannot accurately attribute all suspected nation-state activity, the core theme across each is sophistication that demonstrates a technical proficiency by a bad actor that hasn’t been readily seen in open-source attacks. Most alarmingly, the cadence of these attacks is increasing. Underscoring the dire need for active monitoring of software supply chains.

Command and Control via Email Validation

Developers are in a constant time crunch to develop and ship features. Security considerations rarely gain you any story points and generally have a negative draw on development velocity. It is for this reason that utility packages are so enticing. They allow developers to ship features faster because they do not have to write functionality from scratch. Rarely, though, do these packages receive the scrutiny they likely deserve.

On August 24, Phylum’s automated risk detection system identified such an npm package. emails-helper, the package in question, claimed to be an email validation library. A review of the code indicated that it contained a very simplistic but otherwise legitimate email validation tool.

Approximately 6.5 hours after publication, a package update introduced several binaries masquerading as .txt files.

As with most malware in the npm ecosystem, the package executed immediately upon installation. Notable things that stand out about this package, especially compared to early malware publications from several years back, include that it:

• Leveraged DNS as a communication channel. 
• Attempted to identify production vs. staging development infrastructure. 
• Exfiltrated private SSH keys. 
• Implemented an actual encryption scheme for data. 

The result was the exfiltration of sensitive data, allowing access to critical organizational infrastructure and distributing a Cobalt Strike Beacon for setting up a persistent command and control (C2) channel.

Fake Software Supply Chain Security

On August 9, 2023, Phylum’s automated risk detection platform flagged a suspicious publication on npm. While investigating this package, we received subsequent alerts on August 10 and again on August 11 about two more packages belonging to this campaign.

As with the previously mentioned campaign, this attack automatically initiated at package installation. Much like the more sophisticated attacks we’ve been witnessing, this campaign leveraged a mixture of encryption, a persistence mechanism, and a C2 system.

Unlike many of the rudimentary attacks by fledgling attackers, the packages involved in this campaign do not include code lifted from some other repository or package. There were no well-known credential stealers, and a review of the code clarified that the package was specifically developed as part of this campaign.

After initiating the install, the package backgrounded a process and periodically beaconed to a benign-sounding/api/captcha endpoint. Any data returned by the endpoint was decrypted and immediately executed.

How does this compare to earlier campaigns? Below we note a few characteristics that seemed to be common amongst early open-source software supply chain attacks.

• Packages were part of large typosquat campaigns and appear opportunistic. 
• Packages shipped the final malicious payload with the package itself. 
• Aside from periodic basic obfuscation, no real attempts were made to hide the package’s behavior. 
• Packages rarely contained any command and control component. 

Looking at this particular campaign and most others we encountered during this quarter, we see that almost none of the above holds true. Packages in this campaign:

• Were highly targeted. 
• Only 15 packages were released in total. 
• The final malicious payloads were not part of the original package and came directly from the attacker after an infection. 
• Encrypted data before dispatching it, and only applied light obfuscation to mask the remote hostname, which facilitated its ability to hide in plain sight without drawing attention to actual malicious functionality. 
• Contained an actual command and control system that allowed the attacker to issue additional commands, post-infection. 

We are trending toward a new normal. An increase in sophistication will make identifying software supply chain attacks more difficult. The targeted nature of these attacks means fewer indicators to hit on, so attackers can easily hide in the noise of millions of monthly package publications. Now is the time to begin fortifying software supply chains.

Has your organization already been impacted? How do you know?

Learn more about how Phylum defends developers and applications from software supply chain attacks at https://www.phylum.io/.