A recent report by the cybersecurity firm Checkmarx has uncovered a series of supply chain attacks targeting popular communication and e-commerce platforms. The attackers inject malicious code into open-source projects, compromising systems and stealing sensitive data.

The targeted platforms in this new wave of attacks include Telegram, Alibaba Cloud, and Amazon Web Services (AWS). The attackers are exploiting vulnerabilities in these platforms to target developers and users, using techniques such as Starjacking and Typosquatting to lure developers to malicious packages.

The malicious code is hidden within specific software functions, making it difficult to detect and address. It is strategically embedded into the open-source projects that these platforms rely on. Kohlersbtuh15, the low-key threat actor behind the attacks, launched a series of malicious packages on the PyPI package manager, targeting the open-source community.

Typosquatting is a technique used by the attackers to create fake packages that mirror legitimate ones. These fake packages contain a hidden malicious dependency that triggers a malicious script running in the background. The victim is unaware of this because it happens behind the scenes.

Starjacking, on the other hand, involves linking a package hosted on a package manager to an unrelated repository on GitHub. This technique tricks unsuspecting developers into thinking the package is authentic. In this attack, the threat actor has combined both techniques in the same software package.

The damage caused by these attacks goes beyond compromised devices. The attackers can access and exploit various types of data linked to these platforms, including communication details, cloud data, and business-related information. This highlights the ongoing threat of supply chain attacks and the need for increased security measures.

The Open Source Security Foundation (OpenSSF) has responded to the surge in these attacks by establishing the Malicious Packages Repository. This initiative aims to provide a platform for reporting and addressing malicious packages.

These attacks serve as a reminder that third-party services and software can be targeted by attackers looking to compromise systems and steal data. It is crucial for developers and users to remain vigilant and implement security measures to protect against these types of threats.

Definitions:

– Supply chain attacks: Attacks that exploit vulnerabilities in third-party services or software to gain unauthorized access to targeted systems.

– Malicious code: Code that is intentionally designed to cause harm, such as stealing data or compromising systems.

– Open-source projects: Software projects that are openly available for anyone to use, study, modify, and distribute.

– Typosquatting: A technique where attackers create domain names or package names that are spelled similarly to legitimate ones in order to deceive users.

– Starjacking: A technique where a package hosted on a package manager is linked to an unrelated repository on GitHub to trick developers into downloading a malicious package.

Sources:

– Checkmarx report authored by Yehuda Gelb (no URL provided)

– Open Source Security Foundation (OpenSSF) (no URL provided)