The Python Package Index, or PyPI, continues to surprise and not in a good way.
Ideally a source of Python libraries that developers can include in their projects to save time, PyPI has again been caught hosting packages with live Amazon Web Services (AWS) keys and data-stealing malware.
Malicious packages are, sadly, nothing new for PyPI or for packaging systems like npm, RubyGems, crates.io, and the like. Supply chain attacks – via compromising software libraries or typosquatting – have been an issue for years, though one that has gotten more attention recently with incidents like the compromise of SolarWinds.
Despite enhanced vigilance, these incidents still occur with alarming frequency. Just before the New Year, the maintainers of machine learning framework PyTorch warned that PyTorch-nightly, if installed on Linux via pip, included a compromised dependency available through PyPI called torchtriton.
Less than a week later, security firm Phylum said that in December it had identified a remote access trojan in a PyPI package called pyrologin. Another security firm, ReversingLabs, also spotted a malicious PyPI package that month: The malware was masquerading as an SDK from security firm SentinelOne. And in November, dozens of newly published PyPI packages were found to include W4SP malware.
PyPI had a mass malware culling in March 2021 that resulted in the removal of 3,653 malicious code blocks. But the weeds have returned, to say nothing about the security issues identified through automated analysis a few months later in almost half the PyPI libraries.
Apart from the subverted libraries and the half-decent code, what has PyPI ever given us? Lately, it’s been offering keys that provide access to the AWS computing resources and data used by Amazon, Intel, various US universities, the Australian government, US energy firm Fusion Atomics, and Malaysia-based Top Glove, the world’s largest glove maker, among others.
Brits find the keys, again
UK-based software developer Tom Forbes on Friday published a blog post outlining how he found 57 active API access keys for AWS services from the above mentioned companies.
Forbes built a Rust tool to automatically scan all new packages released on PyPI for the inclusion of AWS API keys. And, well, it works.
Forbes in his post explains that his scanner runs periodically using GitHub Actions and looks for AWS keys in new releases from PyPI, HexPM, and RubyGems. If it finds any, it generates a report with the relevant details that gets committed to the aws-cred-scanner repo.
“This report contains the keys that have been found, as well as a public link to the keys and other metadata about the release,” Forbes said in his post. “Because these keys are committed to a public GitHub repository, Github’s Secret Scanning service kicks in and notifies AWS that the keys are leaked.”
As a result AWS opens a support ticket to notify the offending developer and applies a quarantine policy to limit the potential for misuse of the key.
The problem, of course, is that a less scrupulous person could create a similar scanning script for the purpose of exploitation and abuse. And it would be surprising if that isn’t happening already.
Forbes in an email told The Register that AWS keys of this sort can be misused.
“It depends on the exact permissions given to the key itself,” Forbes explained. “The key I found leaked by InfoSys […….