Malicious PyPI Package Hides Backdoor in PNG File

A malicious PyPI package was found to contain a backdoor hidden in a PNG file, highlighting the importance of security in open-source software.

A recent discovery by security researchers has uncovered a malicious PyPI package that contains a backdoor hidden in a PNG file. The package, named requests-darwin-lite, is a fork of the popular requests Python package and was published to the open-source Python repository PyPI.

Malicious package hides backdoor in PNG file

The package was quickly detected by Phylum’s automated risk detection platform, and the supply chain security company published a blog post on the suspicious discovery later the same day.

The requests-darwin-lite package’s setup.py file defines a custom install step called PyInstall that executes when the package is installed. On macOS systems, PyInstall decodes and runs a base64-encoded command that checks for a specific system universally unique identifier (UUID), which suggests the package creator either had a particular target machine in mind or was using the package for testing.

“The package then reads from a PNG file with a similar name to that of the legitimate requests logo.” - Phylum researchers

The PNG file, named docs/_static/requests-sidebar-large.png, is about 17MB in size, much larger than the original 300KB logo size, and hides a Golang binary flagged on VirusTotal as an OSX/Sliver backdoor by more than a dozen anti-virus programs.

Sliver is an open-source command-and-control (C2) framework

Sliver is an open-source command-and-control (C2) framework similar to Cobalt Strike that is intended to be used by cybersecurity professionals for red team exercises. Sliver is increasingly being used by threat actors due to being less well known and less likely to be detected compared with Cobalt Strike, according to Phylum.

The requests-darwin-lite creator added the Sliver binary to the PNG, apparently as a form of steganography to disguise its presence. Despite the large file size and unusual contents, the file would be recognized as a PNG by other software and render normally as the requests logo to the end user.
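A file like this still parses as a valid PNG because image viewers stop at the IEND chunk and ignore whatever follows. The checker below, an added example that is not part of the article or of Phylum's tooling, walks the chunk structure of a PNG and reports bytes trailing the IEND chunk, whether those bytes start with a native executable magic, and any chunk whose CRC does not match (a sign of hand-edited chunks); the article does not say where in the 17MB file the binary sits, so the appended-after-IEND layout and the sample images are assumptions.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Magic bytes of native executables (constructed list, not from the Phylum
# write-up): Mach-O 64-bit little/big endian, ELF, PE.
EXEC_MAGICS = (b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf", b"\x7fELF", b"MZ")


def inspect_png(data: bytes) -> dict:
    """Walk the chunk structure and report where non-image data could hide:
    bytes after IEND, executable magic there, and chunks with a bad CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks, bad_crc = len(PNG_SIGNATURE), [], False
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc) < 4:
            break  # truncated chunk: stop and treat the rest as trailing data
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            bad_crc = True  # hand-edited chunk bodies usually break the CRC
        chunks.append((ctype.decode("latin-1"), length))
        pos += 12 + length
        if ctype == b"IEND":
            break  # a well-formed PNG ends here; anything after is foreign
    trailing = data[pos:]
    return {
        "chunks": chunks,
        "trailing_bytes": len(trailing),
        "trailing_looks_executable": trailing.startswith(EXEC_MAGICS),
        "bad_crc": bad_crc,
    }

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def minimal_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as sample input (not the requests logo)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one filter byte plus one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

# Constructed samples: a clean PNG, and the same image with a fake Mach-O
# header appended after IEND, where a viewer would never look.
CLEAN_PNG = minimal_png()
SUSPECT_PNG = CLEAN_PNG + b"\xcf\xfa\xed\xfe" + b"\x00" * 64
```

Running the checker over every image in a package's source distribution and alerting on non-zero trailing bytes, executable magic, or a size wildly out of proportion to the chunk list catches this class of disguise without relying on an anti-virus signature for the payload.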

The Phylum researchers found that the first two versions of the package were removed by their original author and replaced with two subsequent versions that did not attempt to run the malicious Golang binary upon installation. In fact, the final version had both PyInstall and the malicious PNG contents removed entirely, rendering it benign.

Regardless, all versions of requests-darwin-lite were removed immediately from the PyPI repository after being reported by the Phylum team. The package was downloaded a total of 417 times prior to its removal.

The purpose for checking the system’s UUID before deploying the backdoor, and the reasons for removing the earlier versions of the package from PyPI, remain a mystery, the Phylum team concluded in its blog post.