Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware

Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne.

Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne.

The malicious package was first uploaded to the repository on December 11, 2022, in just two days, attackers pushed twenty versions of the malicious project.

The package claims to offer access the SentinelOne’s APIs, but it actually contains malicious code to harvest sensitive information from development systems, including credentials, configuration data, and SSH keys. The package is part of a malicious campaign tracked by ReversingLabs as “SentinelSneak.

According to the researchers, the package is a copy of the actual SentinelOne SDK python client, and the threat actor added the malicious functionality to its code.

“The package appears to be a fully functional SentinelOne client, but contains a malicious backdoor, ReversingLabs threat researcher Karlo Zanki discovered.” reads the analysis published by ReversingLabs. “The malicious functionality in the library does not execute upon installation, but waits to be called on programmatically before activating — a possible effort to avoid detection. ReversingLabs is calling this campaign “SentinelSneak.””

Threat actors behind the SentinelSneak campaign also released two additional packages, named SentinelOne-sdk and SentinelOneSDK, with similar functionalities.

The fake ‘SentinelOne’ package contains “api.py files that contains the code to steal and exfiltrate data uploading it to the IP address 54[.]254[.]189[.]27).

“we see the malicious code for collecting information about shell command execution history as well as the contents of the .ssh folder containing ssh keys and configuration information, including access credentials and secrets, related to git, kubernetes and AWS services.” continues the post. “The code likewise performs a directory listing of the root directory.”

The analysis of the changes between the versions of the malicious module revealed that threat actors modified it to improve the data collection algorithm and make it work on multiple platforms.

Threat actors published five additional malicious packages with a similar name, these modules did not contain api.py files with malicious functionality, a circumstance that suggests they were used for testing purposes.

The experts discovered that the malicious versions of the package have been downloaded over 1,000 times on PyPI.

The packages were published between December 8th and 11th, 2022. ReversingLabs reported their findings to the PyPI security team on December 15th, 2022, and SentinelOne was notified on December 16th, 2022. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Python)

[adrotate banner=”5″]

[adrotate banner=”13″]