Infiltrating the software supply chain is not a new attack method, but the way cybercriminals insinuate themselves and their malicious code into repositories continues to become more sophisticated. Although developers know that any open-source code should be reviewed and vetted, attackers now work to circumvent that practice.
In a recent campaign targeting the software supply chain, researchers found that attackers chained together multiple tactics, techniques, and procedures (TTPs) to evade detection and poison a popular GitHub community.
Steps of the Attack
This attack highlights the increasingly sophisticated methods that threat actors use to compromise the software supply chain, including:
- Typosquatting: A fake Python package mirror, “files[.]pypihosted[.]org”, whose name misspells the popular “files[.]pythonhosted[.]org”
- Malicious “Colorama” copy: Inserting malicious code into a copy of a popular package, then hosting it on the typosquat domain
- Bypassing authentication: Using stolen session cookies to gain access to GitHub accounts
- Leveraging reputable GitHub accounts: Taking over accounts, such as editor-syntax, who maintains the Top.gg GitHub, to insert instructions into the repository to download the Colorama copy
- Evading detection: Committing multiple files at once, mixing the malicious link in with legitimate files so that it blends in with legitimate dependencies and users are less likely to spot it during manual review
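One way to catch the typosquatted mirror before anything is installed is to check every URL in a requirements file against an allowlist of package hosts. The following is an added example, not code from the original report; the allowlist, the similarity threshold and the sample file contents are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the only hosts this project may fetch Python packages from.
TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}
URL_RE = re.compile(r"https?://[^\s#;]+", re.IGNORECASE)

def refang(text):
    """Undo common defanging so report-style URLs parse like real ones."""
    return text.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

def classify_host(host, threshold=0.8):
    """Return 'trusted', 'lookalike' (near-miss of a trusted host) or 'untrusted'."""
    host = host.lower().rstrip(".")
    if host in TRUSTED_HOSTS:
        return "trusted"
    best = max(SequenceMatcher(None, host, t).ratio() for t in TRUSTED_HOSTS)
    return "lookalike" if best >= threshold else "untrusted"

def audit_requirements(text):
    """Return (line_no, host, verdict) for each URL that is not on a trusted host."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop full-line and inline comments; '#fragment' glued to a URL is kept.
        line = refang(re.split(r"(^|\s)#", raw, maxsplit=1)[0])
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname or ""
            verdict = classify_host(host)
            if verdict != "trusted":
                findings.append((no, host, verdict))
    return findings

# Constructed sample requirements file; the package paths are placeholders.
SAMPLE = """\
# constructed sample requirements.txt
requests==2.31.0
colorama @ https://files.pythonhosted.org/packages/aa/colorama-0.4.6.tar.gz
https://files[.]pypihosted[.]org/packages/aa/colorama-0.4.5.tar.gz
--extra-index-url https://mirror.example.internal/simple
"""

if __name__ == "__main__":
    for no, host, verdict in audit_requirements(SAMPLE):
        print(f"line {no}: {host} is {verdict}")
```

A "lookalike" verdict deserves more attention than a plain "untrusted" one, because a host that nearly matches an official mirror is rarely an accident.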
Understanding the Malicious Package
To spread the malware and remain hidden, the attackers manipulated the packaged installation process and the trusted Python package ecosystem.
To dig a little deeper into the attack, you should understand how the attacker embedded the malicious package into the Python fetch and execute process:
- User downloads the component containing the typosquatted, fake “colorama” from files[.]pypihosted[.]org, which includes malicious code located in either colorama/tests/__init__.py or colorama/init.py.
- Malicious payload is hidden using whitespace, so anyone engaging in manual inspection needs to scroll horizontally for a long time to see it.
- Malicious component fetches and executes:
  - Code from “hxxps[:]//pypihosted[.]org/version”, which installs additional components and decrypts hard-coded data using the “fernet” library
  - Code saved in a temporary file that a legitimate Python interpreter executes
- Malicious component fetches more hidden malicious code from “hxxp[:]//162[.]248[.]100[.]217/inj”, then executes it.
- Code selects a folder and file name on the compromised host, then retrieves the final component from “hxxp[:]//162[.]248[.]100.217[:]80/grb.”
- Malicious code establishes persistence by modifying the Windows registry, ensuring that system reboots execute the code.
Techniques used to obfuscate the malicious code include:
- Character strings containing Chinese and Japanese
- zlib compression
- Misleading variable names
The attackers use five different usernames, each associated with different malicious packages:
- Username: pypi/xotifol394
  - jzyrljroxlca
  - wkqubsxekbxn
  - eoerbisjxqyv
  - lyfamdorksgb
  - hnuhfyzumkmo
  - hbcxuypphrnk
  - dcrywkqddo
- Username: pypi/poyon95014
  - mjpoytwngddh
- Username: pypi/tiles77583
  - eeajhjmclakf
- Username: pypi/felpes
  - yocolor
  - coloriv
  - colors-it
  - pylo-color
- Username: felipefelpes
  - type-color
Indicators of compromise (IoCs) currently include the following:
3 Takeaway Lessons
This new attack highlights some significant changes in the way threat actors seek to poison the software supply chain.
Vetting Contributors May Not Work
Developers are always told to review contributors before using an open-source component, and they should always do so. This attack undercuts that mitigation strategy by leveraging stolen credentials to exploit known, respected contributors.
Even after reviewing repositories, you should ensure that you:
- Identify all components and their dependencies
- Document components and dependencies using a Software Bill of Materials (SBOM)
Manual Code Reviews Miss Things
By using whitespace and horizontal scrolling to hide their malicious code, the attackers are counting on developers reviewing code manually rather than with an automated solution. To mitigate risks, you should:
- Scan your code regularly to identify vulnerabilities
- Compare unknown libraries against open-source and previously analyzed libraries to identify security issues
- Integrate security into your existing CI/CD pipelines, ticketing systems, and development tools
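The whitespace padding described here, and in the breakdown of the malicious package above, defeats a reviewer's eye but is easy to detect mechanically. This added example (not from the original report) tokenizes Python source and flags code that sits behind a long blank gap; the 40-column threshold and the sample source, with `hidden_call()` standing in for the payload, are constructed assumptions.

```python
import io
import tokenize

# Token types that are layout or comments, not executable code.
LAYOUT = {tokenize.NEWLINE, tokenize.NL, tokenize.COMMENT, tokenize.ENDMARKER}

def find_padded_code(source, min_gap=40):
    """Return (line, column, preview) for each code token preceded by at least
    min_gap blank columns, whether after other code or as indentation.
    Whitespace inside string literals is ignored because a string is one token.
    Very deep continuation alignment can also trip this, so tune min_gap."""
    lines = source.splitlines()
    hits = []
    prev_end = (0, 0)  # (row, col) where the previous token ended
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type in (tokenize.INDENT, tokenize.DEDENT):
            continue  # measure indentation from column 0 instead
        row, col = tok.start
        gap = col - (prev_end[1] if prev_end[0] == row else 0)
        if tok.type not in LAYOUT and gap >= min_gap:
            hits.append((row, col + 1, lines[row - 1][col:col + 40].rstrip()))
        prev_end = tok.end
    return hits

# Constructed sample: line 2 pushes a call 300 columns to the right of an
# ordinary import; line 4 has a long run of spaces inside a string (benign).
SAMPLE = (
    "from .ansi import Fore, Back, Style\n"
    "from .initialise import init;" + " " * 300 + "hidden_call()\n"
    "def ok():\n"
    "    return 'a" + " " * 60 + "b'\n"
)

if __name__ == "__main__":
    for line, column, preview in find_padded_code(SAMPLE):
        print(f"line {line}, column {column}: {preview}")
```

Run as a pre-commit or CI step over vendored and newly added dependencies, a check like this surfaces the hidden statement without anyone having to scroll.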
Continuously Monitor to Detect Changes
This attack highlights the way threat actors seek to compromise respected contributors and use known packages as a deployment tool. As part of building security into your development processes and applications, you should ensure that you can:
- Identify changes related to dependencies
- Compare scans over time to identify changes that might otherwise go unnoticed
- Review apps and dependencies when new IoCs are identified
Qwiet AI: Securing Applications at the Source Code
With Qwiet AI, you can integrate security testing into your current CI/CD pipelines, ticketing systems, and development tools. By building security directly into your current processes, our platform enables you to incorporate container security into your secure software development life cycle (SSDLC) processes while still ensuring that you get the speed you need to deliver software on time.
The Qwiet AI platform gives you visibility into the context around vulnerabilities so that you can effectively prioritize remediation actions based on whether attackers can exploit a weakness in your application and account for whether attackers are currently exploiting that vulnerability in the wild.
Take our preZero platform for a free spin or contact us today to see how Qwiet AI can help you