A malicious PyPI package based on the popular “requests” package was found to contain a backdoor hidden in a PNG file, security researchers revealed Friday.
The package, “requests-darwin-lite,” is a fork of the legitimate “requests” Python package and was published to the open-source Python repository PyPI on Friday, according to Libraries.io.
The package was quickly detected by Phylum’s automated risk detection platform, and the supply chain security company published its blog post on the suspicious discovery later the same day.
The “requests-darwin-lite” package’s setup.py file contains an item called “PyInstall” that is executed upon installation. When run on macOS systems, PyInstall decodes and runs a base64-encoded command that looks for a specific system universally unique identifier (UUID), suggesting the package creator had a specific intended target or was using the package for testing, the Phylum researchers said.
If the UUID of the system matches the UUID specified, the package then reads from a PNG file with a similar name to that of the legitimate “requests” logo. This “docs/_static/requests-sidebar-large.png” file is about 17MB — much larger than the original 300KB logo size — and hides Golang binary flagged on VirusTotal as an OSX/Sliver backdoor by more than a dozen anti-virus programs.
Sliver is an open-source command-and-control (C2) framework similar to Cobalt Strike that is intended to be used by cybersecurity professionals for red team exercises. Sliver is increasingly being used by threat actors due to being less well known and less likely to be detected compared with Cobalt Strike, according to Phylum.
The “requests-darwin-lite” creator added the Sliver binary to the PNG, apparently as a form of steganography to disguise its presence. Despite the large file size and unusual contents, the file would be recognized as a PNG by other software and render normally as the “requests” logo to the end user as well.
The Phylum researchers found that the first two versions of the package were removed by their original author and replaced with two subsequent versions that did not attempt to run the malicious Golang binary upon installation — in fact, the final version had both PyInstall and the malicious PNG contents removed entirely, rendering it benign, the researchers wrote.
Regardless, all versions of “requests-darwin-lite” were removed immediately from the PyPI repository after being reported by the Phylum team. The package was downloaded a total of 417 times prior to its removal, according to PePy.
The purpose for checking the system’s UUID before deploying the backdoor, and the reasons for removing the earlier versions of the package from PyPI, remain a mystery, the Phylum team concluded in its blog post.
“Maybe they left up the version with the malicious binary because they intended to depend on it from another package at some other time, or perhaps even pull it form another piece of software down the line,” the Phylum Research Team wrote. “Either way, we have yet another example of attackers resorting to more evasive and complex techniques to distribute malware in open source ecosystems.”