Cybersecurity researchers at JFrog have uncovered a new supply chain attack technique for attacking Python Package Index (PyPI) repositories, potentially impacting over 22,000 software packages and threatening countless users.
The technique, dubbed “Revival Hijack,” exploits a policy loophole allowing attackers to re-register and hijack package names once they are removed from PyPI by the original developers.
Revival Hijack – How it works
Unlike traditional typosquatting attacks, which rely on users misspelling package names, Revival Hijack leverages the removal and re-registration of popular packages. When developers delete their projects from PyPI, the package names become available for anyone else to register. Attackers can then upload malicious versions of these packages, which unsuspecting users may download and install, believing them to be legitimate.
JFrog’s technical analysis revealed that over 22,000 PyPI packages were exposed to the Revival Hijack attack. This means that hundreds of thousands of users could unknowingly download harmful software.
Putting Revival Hijack to test
To demonstrate the viability of the Revival Hijack, JFrog conducted a safe experiment. They created and published a package, then removed it and re-registered it under a different user. The experiment showed that the new, imposter package appeared as a legitimate update, with no warnings from the package manager.
In one such example, on April 12, 2024, JFrog’s systems detected unusual activity involving the ‘pingdomv3’ package. The package had a new owner who released an apparently harmless update followed by a version containing a suspicious, Base64-obfuscated payload. This incident initiated an immediate investigation and led to the removal of the malicious package by PyPI maintainers.
Good and bad news
The good news is that JFrog’s proactive measures have thwarted attempts by malicious actors before any significant damage could occur. ”Although our proactive measure of reserving (“security holding”) these packages and adding safe copies will protect the PyPI community from attackers hijacking the most downloaded packages,” wrote JFrog’s research team.
The bad news is that even with these protective measures, JFrog’s team observed thousands of downloads of the reserved packages within a few days, indicating a high risk of supply chain attacks.
Expert Comment
Henrik Plate, a security researcher at Endor Labs, weighed in on the findings: “This risk is real, and depends on the popularity of the package. The risk probably decreases if packages have been deleted a long time ago.”
Plate noted that the rapid revival of the package in the provided example suggests that attackers could be actively monitoring PyPI for deletions.
“This issue of reviving deleted packages is well-known and falls under the category of ‘Dangling Reference‘ attacks, as documented by the Endor Labs Risk Explorer. This category includes scenarios like revived GitHub repositories and npm packages,” Plate explained.
He emphasized the importance of stringent security guidelines for package registries, referencing the principles proposed by the OpenSSF.
“Using internal package registries can help protect developers by mirroring open source packages, ensuring availability even if they are deleted from public registries. However, these registries must be configured to require a vetting process for new versions of revived packages to prevent the inclusion of potentially malicious code,” he advised.
Stay Alert!
JFrog has reported this issue to PyPI’s security team and urges stricter policies to prevent package names from being reused. They also urge users to stay vigilant and ensure their CI/CD systems are not attempting to install packages that have been removed from PyPI.
