Python's Official Repository Included 10 'Malicious' Typo-Squatting Modules

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.

pip

[globaljustin]

I use pip install all the time...well pip3 install

pypl is great but they could increase their security at bit and still keep the same level of functionality. This malware is kind of obvious, or at least it seems like it should be obvious to security people.

I remember thinking on more than a few occasions that pypl could be easily misused by beginners.

cryptographic signature?

[thesupraman]

What the hell would that change?

The vector here is people asking for a module that is named similar to the one they want, pip in installing exactly the module they are mistakenly asking for - there is no reason that any cryptographic signature would be failed.

The only marginal finger-pointing possible here is at PyPl for allowing typo squating, however even that is marginal.

Basically, if you are installing modules from 'dah internetz', you should take just a little care, perhaps?

Unless what they are trying

Re:

[cdreimer]

The thing is, typos happen.

Sometimes it's not even that. Beautiful Soup is the module for parsing HTML and XML files. However, beautifulsoup (bs) is the legacy version and beautifulsoup4 (bs4) is the version that everyone should be using. It's very easy to install the former when you need the latter.

https://www.crummy.com/software/BeautifulSoup/bs4/doc/#installing-beautiful-soup [crummy.com]

Re:

[thesupraman]

And how exactly would a cryptographic signature help that?
It would just certify that you had actually installed the right cones typo squatter correctly....

Unless there was a central controller of who was allowed to publish python extensions.

Is that what you want? It's called a walled garden...

Re:

[arth1]

A lot of geeks are slightly dyslexic

No. Geeks are known for being sticklers for precision. Computer geeks in particular, because operating systems do pay attention and distinguish "rm -rf /var/tmp/install" from "rm -rf / var/tmp/install".
If they have dysIexia, they keep it on a tight leash.
And geeks also tend to not blindly follow links, but enter them whenever possible.
Downloading and installing a package with almost the right name is a good indication that it was not done by a geek.

Re:

[flargleblarg]

distinguish "rm -rf /var/tmp/install" from "rm -rf / var/tmp/install".

Oh, come on. You know it's supposed to be
rm -fr /var/tmp/install

Author's signature

[DrYak]

What the hell would that change?

If anything remotely like the way it is handled in RPM repositories, at least the identity of the author is different.
urlib and urllib would be submitted by 2 different authors.
menaning that pypi would either "installing urllib, signed by 0xb00b1e5 'original@author.com' ? [Y/N]" or
"installing urllib, signed by 0xdeadbeef 'evil@hacker.com' ? [Y/N] "
(in a way, that is something that already is happening with GitHub repository as the author's nickname or the company's/project names are part of the URL)

it's not

Good luck getting signed w/o other devs in town

[tepples]

maybe they are better at spotting a whole different author identity

Good luck with that, as email addresses and author usernames can also be typosquatted, and unless you have the resources of Facebook to bruteforce a hash [ycombinator.com], key IDs aren't going to be as memorable as "boobies" or "dead beef".

installing urllib, signed by 0xb00b1e5 'original@outlook.com'
# vs.
installing urlib, signed by 0xdeadbeef 'origina1@outlook.com'

I'm more of a Perl guy than Python guy [...] but if the most common non-core modules are developed by a few known authors

Does CPAN have the same situation where "common non-core modules are developed by a few known authors"?

Yet another way to use cryptography, would be to take notice from GPG's web of trust

I imagine OpenPGP's web of trust would have two significa

Re:

[david_thornley]

If anything remotely like the way it is handled in RPM repositories, at least the identity of the author is different. urlib and urllib would be submitted by 2 different authors. menaning that pypi would either "installing urllib, signed by 0xb00b1e5 'original@author.com' ? [Y/N]" or "installing urllib, signed by 0xdeadbeef 'evil@hacker.com' ? [Y/N] "

When I'm looking for a library, I typically don't know or care who the original author was. I just want the library to do something I want done.

Re:

[Z00L00K]

And how would cryptographically signed even help?

Anyone letting a package into a library site need to verify it before it can be downloaded.

If you download stuff from an unofficial library then you are on your own. But most of the unofficial sites are friendly though, so don't be too scared.

Re:pip

[lucm]

And how would cryptographically signed even help?

That way you can be sure that if you download malware, it's not tampered with.

Re:

[lkcl]

And how would cryptographically signed even help?

That way you can be sure that if you download malware, it's not tampered with.

all it tells you is, the signature was valid. whilst it links the file *to* the signature, it doesn't tell you anything about the trustworthiness of the PERSON. for that, you need much much more than just a legitimate signature: you need a full web-of-trust and for the package uploaders to be involved in key-signing parties, where they've basically (collectively) staked their reputation on trusting the ACTUAL identity. this becomes incredibly hard to compromise when there are multiple people involved. n

Re:

[arth1]

That way you can be sure that if you download malware, it's not tampered with.

all it tells you is, the signature was valid

Whoosh!

Re:

[tepples]

A key-signing party will let you verify the identity of living in the same city who have attended the same key-signing party as you. How will it let you verify someone on another continent, especially when you have no way of verifying the trustworthiness of intermediate signers to verify other people?

How is key signing organized?

[tepples]

Then explain why DEB, RPM, Maven, CPAN, etc infrastructures work just fine?

I honestly don't know how those work fine. How did the first Debian Maintainer on each continent travel to get his key signed [debian.org] by a Debian Developer, as the process [debian.org] requires?

Re:

[tepples]

How did the first Debian Maintainer in each country travel to get his key signed? DebConf hasn't been around long enough to have held one in each country. And even for those countries in which DebConf has been held, how did the first Debian Maintainer in each state or province travel to get his key signed?

Is there a way to verify identity that doesn't involve spending months' minimum wage to travel hundreds of kilometers?

Re:

[david_thornley]

There are people I would calmly trust my life to. Some of them, in my opinion, don't have really good judgment, and I'm not sure I want to trust their friends. That's the problem I see with webs of trust.

Re:

[lkcl]

I use pip install all the time...well pip3 install

pypl is great but they could increase their security at bit and still keep the same level of functionality.

it's actually incredibly comprehensive and extremely involved. for a completely separate team, i'm just in the process of writing up the requirements (following software engineering practices) which cover exactly this scenario: you can read them here if you like (note: they're in development and undergoing review): http://lkcl.net/reports/wot/ [lkcl.net]

basically from that MASSIVE list - a whopping EIGHTEEN separate and distinct requirements and that's not even getting into implementation details - you should be gett

Re:

[tepples]

new package uploaders would then also need to be "approved" - it would need to become impossible for just any arbitrary-named package to be uploaded, as their GPG key would need to be verified as being part of the web-of-trust.

Then how would a new developer enter the web of trust without traveling internationally to a key-signing party?

if you're using a mac or using windows, you could at least have a mirror-machine where you do (if it's debian) "apt-get install python-mysqldb" or "apt-get source python-mysqldb" and then copy that over?

Good luck with that when after having installed Debian for the first time on your mirror-machine, your mirror-machine can't connect to the network because its NIC is unsupported.

Re:

[cdreimer]

Pip is the markings on dominoes and dice.

https://en.wikipedia.org/wiki/Pip_(counting) [wikipedia.org]

Re:

[cdreimer]

How does one quarantine an operating system?

The most secured version of Windows is installed on a PC with no cables attached inside a locked room.

One step further

[BlackPignouf]

This gave me an idea! I'll launch my own Python repository, called PyPl.

Solution?

[Rockoon]

Step 1: Require that package names are treated as case insensitive.
Step 2: Require that all package names be at least 3 characters long.
Step 3: Require that the minimum edit distance between the names of any two packages be at least 1/3rd of the length of the longer name.

Now step 3 will be a problem for some. Lets suppose I develop the package "FooBar" and while it has become semi-popular that some issues need to be addressed that will break compatibility. "FooBar2" will fail step 3 here and some will n

Re:

[HiThere]

Do you understand the difference between major and minor version numbers? Or realize that major version number changes frequently indicate breaking compatibility?

I will grant you that Linux has (recently) dropped that tradition, but that was because the number of minor version changes has gotten too large. Very few pieces of software have that rationale. (It's also because Linus found large numbers of minor version changes esthetically unpleasant.)

If you go back a bit further, the sub-minor version chang

Re:

[Rockoon]

Do you understand that we are talking about libraries, not operating system and applications?

You go on and on and on when you dont even know whats being discussed.

"Official Repository"? No.

[HiThere]

PyPi isn't the official repository of the Python project, is a useful adjunct site. It does hold lots of packages that aren't in the official repository. But it's no more the official Python repository then http://ftp.us.debian.org/debia... [debian.org] which also holds a lot of Python packages that are easy to install (on a Debian system).