‘Revival Hijack on PyPI: Concealing Malware with Authentic File Names’

Published:

spot_img

Security Researchers Uncover Threat of Malicious Payloads via PyPI Revival Hijack

Security researchers have uncovered a devious tactic that enables attackers to distribute malicious payloads through the PyPI package repository. Dubbed the “Revival Hijack” method, this technique involves re-registering a malicious package on PyPI using the same name as a previously registered but now removed legitimate package. Subsequently, unsuspecting organizations download these rogue packages, unaware of the potential threat they pose.

JFrog researchers issued a warning this week, urging PyPI users to remain vigilant and ensure their CI/CD machines do not attempt to install packages that were once removed from the repository. The researchers recently observed a threat actor employing this tactic in an apparent effort to disseminate malware.

This method is just one of several tactics that cyber adversaries have employed in recent years to infiltrate enterprise environments through public code repositories such as PyPI. Other common tactics include cloning and infecting popular repositories, poisoning artifacts, leveraging leaked secrets, and typosquatting attacks.

According to JFrog, when a developer removes a project from PyPI, the associated package names become immediately available for anyone to use. This provides attackers with an easy opportunity to hijack these package names and potentially infect unsuspecting users who try to update or install the “new” versions.

In response to their findings, JFrog researchers hijacked the most popular abandoned packages on PyPI to prevent adversaries from misusing them. Despite their efforts, the threat of Revival Hijack remains pervasive, highlighting the need for stronger security measures on the PyPI repository. JFrog recommended that PyPI prohibit the reuse of abandoned package names to mitigate this threat effectively. Organizations using PyPI are advised to exercise caution when upgrading to new package versions to avoid falling victim to these malicious tactics.

spot_img

Related articles

Recent articles

EU Accelerates Review of Social Media Age Limits Following Child Safety Report

EU Accelerates Review of Social Media Age Limits Following Child Safety Report The European Commission is advancing toward the implementation of new measures aimed at...

Spire Solutions Advances Cyber Resilience in MEA with E-7 Cyber’s BlindSpot Platform Partnership

Spire Solutions Advances Cyber Resilience in MEA with E-7 Cyber’s BlindSpot Platform Partnership Spire Solutions has forged a strategic distribution partnership with E-7 Cyber, aimed...

11 Vulnerable Microsoft-Signed UEFI Shims Risk Bypassing Secure Boot

11 Vulnerable Microsoft-Signed UEFI Shims Risk Bypassing Secure Boot Cybersecurity researchers have identified 11 outdated, Microsoft-signed Unified Extensible Firmware Interface (UEFI) applications that pose a...

Sharjah Chamber Strengthens Economic Ties with Arab-Brazilian Chamber, Receives Invitation to São Paulo Forum

Sharjah Chamber Strengthens Economic Ties with Arab-Brazilian Chamber, Receives Invitation to São Paulo Forum In a significant move to enhance economic collaboration, the Sharjah Chamber...