Faulty invitation mechanism enabled ‘package planting’ attacks

Poisoned packages: NPM vulnerability allowed attackers to leverage developer reputations to legitimize malicious software

Open source software developers’ reputations could be abused to spread malicious NPM packages without their knowledge or consent, security researchers have revealed.

On April 26, Aqua Security’s Team Nautilus published a security advisory on the issue, which “allowed threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it”.

Until recently, GitHub’s NPM platform allowed any developer to be added to a project as a maintainer without their permission – a potential blind spot that threat actors could readily weaponize.


If an attacker “carefully handpicks” trusted and popular maintainers, then adds them – without their approval – to a malicious package, this could make a package appear legitimate and encourage users to download it, said the researchers.

This technique has been dubbed “package planting” by Team Nautilus.

Logic flaw

“For instance, the package lodash is highly popular and credible,” the researchers say. “If we add its owners Mathias, jdalton, and bnjmnt4n to a new, malicious package, many developers may be tricked into thinking that this package is legitimate and even appealing.”

Lodash, a JavaScript library for utility functions, has been downloaded over 42 million times and has more than 154,000 dependents.

Developers whose reputations are exploited in this way would not be made aware that they were added as package maintainers due to a logic flaw in NPM’s invitation mechanism.

Furthermore, a threat actor could, in theory, add a popular maintainer to a malicious package and then report them for illicit activities – potentially undermining their reputation.

The logic issue was reported to GitHub’s bug bounty platform via HackerOne on February 10, and a fix was deployed on April 26 in the form of a new confirmation mechanism.


Adding a new maintainer to an NPM project without their approval is no longer possible.

“It’s important to use reliable sources for any third-party components and to secure your environment with solutions that can detect software supply chain threats such as package planting,” the researchers commented.

“NPM users should check that all the packages that are listed under their name truly belong to them, to make sure they weren’t added to any projects without their consent.”
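The audit the researchers recommend can be scripted against the public npm registry. The block below is an added example, not code from Aqua or from npm: it queries the registry search endpoint’s maintainer qualifier, re-checks each hit’s maintainers array (search results are fuzzy), and reports any package listing a given username that the maintainer does not recognise. A second, consumer-side check reads a package document and lists maintainers who never appear as the publishing user of any version, which is what a planted maintainer looks like. The sample search response, the package document, the package name `example-planted-pkg` and the account `attacker-acct` are all constructed for the example.

```python
"""Audit npm maintainer listings for package planting.

Registry endpoints used (real):
  GET https://registry.npmjs.org/-/v1/search?text=maintainer:<user>&size=250&from=<n>
      -> {"objects": [{"package": {"name", "maintainers": [{"username", "email"}]}}], "total": N}
  GET https://registry.npmjs.org/<package>
      -> {"maintainers": [{"name", "email"}], "versions": {"x.y.z": {"_npmUser": {"name"}}}}
The sample data at the bottom is constructed; it is not real registry output.
"""
import json
import urllib.parse
import urllib.request

SEARCH_URL = "https://registry.npmjs.org/-/v1/search"
PAGE_SIZE = 250


def search_url(username, size=PAGE_SIZE, offset=0):
    """Search URL for packages whose maintainers include `username`."""
    query = urllib.parse.urlencode(
        {"text": f"maintainer:{username}", "size": size, "from": offset})
    return f"{SEARCH_URL}?{query}"


def fetch_json(url):
    """Live registry lookup; only used when run without sample data."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def fetch_all_maintainer_hits(username):
    """Page through the search endpoint and merge the hits into one response."""
    objects, offset = [], 0
    while True:
        page = fetch_json(search_url(username, offset=offset))
        objects.extend(page.get("objects", []))
        offset += PAGE_SIZE
        if not page.get("objects") or offset >= page.get("total", 0):
            break
    return {"objects": objects, "total": len(objects)}


def packages_listing_maintainer(search_response, username):
    """Names of packages whose maintainers array really contains `username`.
    Search also matches on free text, so each hit is re-checked rather than
    trusting the query."""
    names = set()
    for hit in search_response.get("objects", []):
        pkg = hit["package"]
        usernames = {m.get("username") for m in pkg.get("maintainers", [])}
        if username in usernames:
            names.add(pkg["name"])
    return sorted(names)


def unexpected_packages(search_response, username, owned):
    """Packages listing `username` that are not in the set the maintainer
    knows they publish: candidates for planting, to be reviewed by hand."""
    listed = set(packages_listing_maintainer(search_response, username))
    return sorted(listed - set(owned))


def maintainers_who_never_published(packument):
    """Consumer-side signal: maintainers that are not the publishing user
    (_npmUser) of any version. A planted maintainer never published anything,
    but a legitimate co-maintainer may not have either, so this is a prompt
    to investigate rather than proof of planting."""
    publishers = set()
    for version in packument.get("versions", {}).values():
        user = version.get("_npmUser", {}).get("name")
        if user:
            publishers.add(user)
    maintainers = [m.get("name") for m in packument.get("maintainers", [])]
    return sorted(m for m in maintainers if m and m not in publishers)


def audit(username, owned, search_response=None):
    """Maintainer-side audit; fetches live data when no sample response is given."""
    if search_response is None:
        search_response = fetch_all_maintainer_hits(username)
    return unexpected_packages(search_response, username, owned)


# Constructed sample data (not real registry output). The planted package
# and the attacker account are hypothetical; the lodash names come from the article.
LODASH_MAINTAINERS = [{"username": "jdalton"}, {"username": "mathias"}, {"username": "bnjmnt4n"}]
SAMPLE_SEARCH = {
    "objects": [
        {"package": {"name": "lodash", "maintainers": LODASH_MAINTAINERS}},
        {"package": {"name": "lodash-es", "maintainers": LODASH_MAINTAINERS}},
        {"package": {"name": "example-planted-pkg",
                     "maintainers": [{"username": "attacker-acct"},
                                     {"username": "jdalton"}, {"username": "mathias"}]}},
        # fuzzy text hit that only mentions the name; jdalton is not a maintainer
        {"package": {"name": "jdalton-tribute", "maintainers": [{"username": "someone-else"}]}},
    ],
    "total": 4,
}
OWNED_BY_JDALTON = ["lodash", "lodash-es"]
SAMPLE_PACKUMENT = {
    "name": "example-planted-pkg",
    "maintainers": [{"name": "attacker-acct"}, {"name": "jdalton"}, {"name": "mathias"}],
    "versions": {"1.0.0": {"_npmUser": {"name": "attacker-acct"}},
                 "1.0.1": {"_npmUser": {"name": "attacker-acct"}}},
}

if __name__ == "__main__":
    print("unexpected:", audit("jdalton", OWNED_BY_JDALTON, SAMPLE_SEARCH))
    print("never published:", maintainers_who_never_published(SAMPLE_PACKUMENT))
```

Run it as-is against the constructed data, or call `audit("<your username>", [...])` with no third argument to query the live registry; the "never published" check is the one to apply before trusting a package just because familiar names appear in its maintainers list.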

Package Analysis project

In related news, on April 28, Google announced its support for the Open Source Security Foundation's (OpenSSF) Package Analysis project, a prototype scheme for clamping down on the propagation of malicious NPM packages.

The Package Analysis program is being developed to dynamically scan uploaded NPM packages for malicious signatures and to “identify when previously safe software begins acting suspiciously”.

Google is a member of OpenSSF. The tech giant conducted a study of 200 malicious NPM packages uploaded over the course of a month and found that most attacks are based on typosquatting and dependency confusion techniques.

“This effort is meant to improve the security of open source software by detecting malicious behavior, informing consumers selecting packages, and providing researchers with data about the ecosystem,” OpenSSF says. “Though the project has been in development for a while, it has only recently become useful following extensive modifications based on initial experiences.”

The Daily Swig has reached out to GitHub and Aqua with additional queries and we will update this story if and when we hear back.
