May 16, 2024

Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. CSB recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk.

What is the threat?

The attackers combined several techniques: stolen browser cookies were used to take over GitHub accounts, and malicious code was contributed through verified commits. They also set up a custom Python package mirror and published malicious packages to the PyPI (Python Package Index) registry, linking them to popular projects on GitHub. Typosquatting was used to disguise the malicious package mirror as “files[.]pypihosted[.]org,” a domain that closely resembles the official “files.pythonhosted.org,” where the artifact files of PyPI packages normally live.

Through this mirror the attackers deployed a tampered copy of Colorama, a package developers use to add color and style to text in terminal output. The result was a silent software supply chain attack that stole passwords, credentials, and other data from the infected developer systems.

Why is it noteworthy?

Millions of people use GitHub and Colorama, which increases the potential impact of this supply chain attack. Unauthorized code changes can have detrimental impacts as well.

What is the exposure or risk?

The malicious resources can steal a wide variety of information, including data from browsers such as Edge, Chrome, Opera, and Yandex: autofill information, cookies, credit cards, login credentials, and browsing history. The malware also targets Discord, looking for tokens it can decrypt to gain access to the victim’s account; it steals cryptocurrency wallets, grabs Telegram data, and exfiltrates files from the computer. It also attempts to steal sensitive information from Instagram using a session token, and it can log victims’ keystrokes, exposing information such as passwords, personal messages, and financial details.

What are the recommendations?

CSB recommends the following actions to limit the impact of this supply chain attack:

  • Verify dependencies and resources before interacting with them.
  • Monitor for suspicious network activity.
  • Maintain a proper security posture to mitigate the risk and impact of this attack.
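The first recommendation, verifying dependencies before interacting with them, can be partly automated. The following script is an added example written for this advisory, not code from CSB or from any project mentioned above. It audits the URLs found in a pip requirements file against the official PyPI hosts, flags lookalike domains of the kind described in the threat section (the “files[.]pypihosted[.]org” mirror against the real files.pythonhosted.org), and reports artifact URLs that carry no hash pin and index URLs served over plain HTTP. The sample requirements text, the corporate mirror hostname and the wheel paths are constructed for the example; the edit-distance threshold and the "pypi"/"pythonhosted" token rule are the author's assumptions about what counts as a lookalike.

```python
"""Audit pip requirement lines for non-official, lookalike, unpinned or plain-HTTP package sources.

Added example for this advisory; it is not CSB's tooling. Hostnames, paths and
thresholds below are constructed or assumed, except the lookalike domain taken
from the advisory text.
"""
import re
from urllib.parse import urlparse

# Hosts that legitimately serve PyPI metadata and artifact files.
OFFICIAL_HOSTS = {"pypi.org", "files.pythonhosted.org"}

# Assumption: a non-official host within 30% edit distance of an official one,
# or one that reuses these brand tokens, is treated as a lookalike worth review.
LOOKALIKE_RATIO = 0.3
BRAND_TOKENS = ("pypi", "pythonhosted")

# Suffixes that identify a downloadable artifact rather than an index page.
ARTIFACT_SUFFIXES = (".whl", ".tar.gz", ".zip")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (standard dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_host(host: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a package download host."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL_HOSTS:
        return "official"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    for official in OFFICIAL_HOSTS:
        if edit_distance(host, official) / len(official) <= LOOKALIKE_RATIO:
            return "lookalike"
    return "unknown"


def audit_requirements(text: str) -> list[tuple[int, str, str]]:
    """Return (line number, host, verdict) findings for every URL in a requirements text.

    Verdicts: 'lookalike' / 'unknown' (host is not an official PyPI host),
    'insecure-scheme' (plain HTTP) and 'no-hash' (artifact URL without a sha256 fragment).
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        # Matches bare URLs, "pkg @ URL" and "--index-url URL" / "--index-url=URL".
        for url in re.findall(r"https?://\S+", line):
            parsed = urlparse(url)
            host = (parsed.hostname or "").lower()
            verdict = classify_host(host)
            if verdict != "official":
                findings.append((lineno, host, verdict))
            if parsed.scheme == "http":
                # Plain HTTP lets an on-path party substitute the index or artifact.
                findings.append((lineno, host, "insecure-scheme"))
            if parsed.path.endswith(ARTIFACT_SUFFIXES) and not parsed.fragment.startswith("sha256="):
                # A direct artifact reference should pin the expected digest.
                findings.append((lineno, host, "no-hash"))
    return findings


# Constructed sample requirements file: only the lookalike domain comes from the advisory.
SAMPLE_REQUIREMENTS = """\
# constructed sample, not a real project's requirements file
--index-url https://pypi.org/simple
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
colorama @ https://files.pypihosted.org/packages/colorama-0.4.6-py2.py3-none-any.whl
mylib @ https://files.pythonhosted.org/packages/mylib-1.0-py3-none-any.whl
--extra-index-url http://mirror.corp.example/simple
"""

if __name__ == "__main__":
    for lineno, host, verdict in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {lineno}: {verdict:16} {host}")
```

Run against the constructed sample, the script reports the lookalike host on the Colorama line, the missing hash pin on both direct wheel references, and the unknown plain-HTTP corporate mirror. A finding of "lookalike" or "unknown" is a prompt for review, not proof of compromise; once the approved sources are confirmed, pip's hash-checking mode (`--require-hashes`) enforces the digest pins at install time so that a substituted artifact fails rather than installs.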

References

For more in-depth information about the recommendations, please visit the following links:
