Full Report
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,
Analysis Summary
# Tool/Technique: Malicious Ruby Gems (fastlane-plugin-telegram-proxy, fastlane-plugin-proxy_teleram)
## Overview
These malicious Ruby gems, discovered on RubyGems, impersonate legitimate versions of the widely used `fastlane-plugin-telegram`. They were designed to exfiltrate Telegram API data (bot tokens, chat IDs, message content, and attached files) by silently redirecting traffic to an attacker-controlled command-and-control (C2) server. The campaign capitalized on a recent Iranian government ban on the Telegram messaging app.
## Technical Details
- Type: Malware/Malicious Package
- Platform: Ruby/RubyGems ecosystem (CI/CD environments using Fastlane)
- Capabilities: Exfiltration of Telegram API data, traffic relaying.
- First Seen: In the weeks leading up to the report (likely May/June 2024, given the context's mention of a May 23rd event).
## MITRE ATT&CK Mapping
- TA0011 - Command and Control
- T1071 - Application Layer Protocol
- T1071.001 - Web Protocols
- TA0010 - Exfiltration
- T1041 - Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- Impersonates the legitimate `fastlane-plugin-telegram`.
- Redirects network traffic intended for the Telegram API to a hard-coded C2 server (`rough-breeze-0c37.buidanhnam95.workers[.]dev`).
### Advanced Features
- Silently harvests sensitive Telegram data, including bot tokens, chat IDs, and message content, by acting as a relay point.
- Leverages supply chain infiltration via the RubyGems repository.
## Indicators of Compromise
- File Hashes: N/A (In repo context)
- File Names: `fastlane-plugin-telegram-proxy`, `fastlane-plugin-proxy_teleram`
- Registry Keys: N/A
- Network Indicators: `rough-breeze-0c37.buidanhnam95.workers[.]dev`
- Behavioral Indicators: Unexpected network traffic redirection from development tools to external, suspicious endpoints.
## Associated Threat Actors
- Aliases: Bùi nam, buidanhnam, si_mobile
## Detection Methods
- Signature-based detection: Monitoring for connections to the known C2 domain.
- Behavioral detection: Analyzing dependency resolution for unusual package versions or unverified dependencies.
- YARA rules: Not explicitly mentioned, but the gems' structure, which mirrors legitimate Fastlane plugins, could be targeted by a rule.
## Mitigation Strategies
- Strict dependency validation and vetting for all open-source packages used in CI/CD pipelines.
- Pinning trusted package versions where possible.
- Network monitoring of build environments for outbound connections to unknown C2 infrastructure.
## Related Tools/Techniques
- Typosquatting (Used by other packages in the same report).
- Package cloning/impersonation.
***
# Tool/Technique: Malicious npm package (xlsx-to-json-lh)
## Overview
A malicious npm package discovered on the npm registry that typosquats the legitimate package `xlsx-to-json-lc`. Upon installation and triggering, this package executes a destructive payload that deletes the developer's entire codebase, configuration files, and version control data.
## Technical Details
- Type: Malware/Malicious Package
- Platform: npm/JavaScript (Node.js environments)
- Capabilities: Codebase destruction, persistent C2 connection establishment.
- First Seen: Before its takedown (which came after February 2019, when the original package was first published).
## MITRE ATT&CK Mapping
- TA0005 - Defense Evasion
- T1027 - Obfuscated Files or Information
- TA0002 - Execution
- T1204.002 - User Execution: Malicious File
- TA0003 - Persistence
- T1543.003 - Create or Modify System Process: Windows Service
- TA0006 - Credential Access
- T1003 - OS Credential Dumping (Implied by C2 connection)
## Functionality
### Core Capabilities
- Establishes a persistent connection to a C2 server upon loading.
- Contains a hidden, dormant payload.
### Advanced Features
- **Remote Triggered Destruction:** The deletion sequence is triggered remotely by the C2 server issuing the French command "remise à zéro" ("reset").
- **Comprehensive Deletion:** Wipes source code files, `node_modules` (including itself), configuration files, and version control directories.
## Indicators of Compromise
- File Hashes: N/A
- File Names: `xlsx-to-json-lh`
- Registry Keys: N/A
- Network Indicators: Establishes a connection to an unknown C2 server.
- Behavioral Indicators: Execution of file deletion routines across the project directory structure upon receiving a specific remote command.
## Associated Threat Actors
- Not explicitly named, discovered by security researchers.
## Detection Methods
- Signature-based detection: Detecting the specific deletion code paths or C2 communication modules.
- Behavioral detection: Monitoring file system operations for mass deletion, especially during package initialization.
## Mitigation Strategies
- Implement scanning of package installation contents before execution in critical environments.
- Use software composition analysis (SCA) tools to flag typosquatted dependencies.
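
Added example (not code from the reports or from any SCA product): a Python check that flags lookalike names in a resolved `Gemfile.lock` and a `package.json`, covering both the `fastlane-plugin-telegram` impersonations described earlier and the `xlsx-to-json-lh` typosquat. The trusted-name list, the token-matching heuristic and the sample manifests (with made-up versions) are assumptions constructed for illustration.

```python
import json
import re

# Assumed allowlist: the legitimate names cited on this page.
TRUSTED = {"rubygems": ["fastlane-plugin-telegram"], "npm": ["xlsx-to-json-lc"]}

def edit_distance(a, b):
    # Levenshtein distance using a rolling row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def tokens(name):
    return [t for t in re.split(r"[-_.]", name.lower()) if t]

def impersonates(name, trusted):
    """A different name in which every token of the trusted name reappears, exactly or one edit away."""
    if name == trusted:
        return False
    have = tokens(name)
    return all(any(edit_distance(t, h) <= 1 for h in have) for t in tokens(trusted))

def gemfile_lock_names(text):
    # Resolved gems sit at exactly four spaces of indent: "    name (version)".
    return re.findall(r"^ {4}(\S+) \(", text, flags=re.M)

def package_json_names(text):
    doc = json.loads(text)
    return [n for key in ("dependencies", "devDependencies") for n in doc.get(key, {})]

def audit(ecosystem, names):
    # Sorted (declared name, trusted name it resembles) pairs.
    return sorted((n, t) for n in names for t in TRUSTED[ecosystem] if impersonates(n, t))

# Constructed sample manifests; the versions are made up.
SAMPLE_LOCK = """GEM
  specs:
    fastlane (2.0.0)
    fastlane-plugin-telegram (0.1.0)
    fastlane-plugin-telegram-proxy (0.1.0)
    fastlane-plugin-proxy_teleram (0.1.0)
      fastlane (>= 2.0.0)
"""
SAMPLE_PKG = '{"dependencies": {"xlsx-to-json-lh": "1.0.0", "express": "4.0.0"}}'

if __name__ == "__main__":
    print(audit("rubygems", gemfile_lock_names(SAMPLE_LOCK)), audit("npm", package_json_names(SAMPLE_PKG)))
```

The one-edit token match is deliberately loose, so treat hits as candidates for manual review rather than verdicts.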
## Related Tools/Techniques
- Typosquatting (of `xlsx-to-json-lc`).
- Destructive malware techniques.
***
# Tool/Technique: Cryptocurrency Stealing npm Packages
## Overview
A set of malicious npm packages targeting Ethereum and BSC users that use obfuscated JavaScript code to drain cryptocurrency wallets upon installation or use.
## Technical Details
- Type: Malware/Malicious Package
- Platform: npm/JavaScript (Node.js environments)
- Capabilities: Cryptocurrency theft (ETH/BSC), obfuscation.
- First Seen: One package, `pancake_uniswap_validators_utils_snipe`, was published four years prior (circa 2020).
## MITRE ATT&CK Mapping
- TA0010 - Exfiltration
- T1041 - Exfiltration Over C2 Channel
- TA0005 - Defense Evasion
- T1027 - Obfuscated Files or Information
## Functionality
### Core Capabilities
- Steals 80% to 85% of funds present in the victim's connected Ethereum or BSC wallet.
- Utilizes obfuscated JavaScript code to hide theft logic.
### Advanced Features
- Targeted interaction with decentralized exchange (DEX) related libraries or wallet interfaces.
## Indicators of Compromise
- File Hashes: N/A
- File Names: `pancake_uniswap_validators_utils_snipe`, `pancakeswap-oracle-prediction`, `ethereum-smart-contract`, `env-process`
- Registry Keys: N/A
- Network Indicators: Funds transferred to attacker-controlled wallets.
- Behavioral Indicators: Unauthorized cryptocurrency transfers initiated post-installation.
## Associated Threat Actors
- User alias: @crypto-exploit
## Detection Methods
- Monitoring wallet transactions for unexpected large outflows occurring shortly after dependency installation.
- Static analysis to detect common cryptocurrency theft patterns, even when obfuscated.
## Mitigation Strategies
- Isolate build environments from production secrets or sensitive wallet interactions unless strictly necessary and validated.
- Audit code that interacts directly with wallet signing functions.
## Related Tools/Techniques
- Cryptocurrency draining malware.
***
# Tool/Technique: Malicious PyPI Packages (Solana Key Stealers)
## Overview
A collection of malicious PyPI packages designed to compromise Solana users by intercepting and stealing private keys during key generation processes using "monkey patching."
## Technical Details
- Type: Malware/Malicious Package
- Platform: PyPI/Python environments
- Capabilities: Solana private key capture, key encryption, exfiltration via blockchain transaction.
- First Seen: `semantic-types` benign update introduced Jan 26, 2025.
## MITRE ATT&CK Mapping
- TA0006 - Credential Access
- T1003 - OS Credential Dumping (Applied specifically to private keys)
- TA0010 - Exfiltration
- T1048 - Exfiltration Over Alternate Protocol (Using blockchain transactions)
## Functionality
### Core Capabilities
- **Monkey Patching:** Modifies Solana key-generation functions at runtime to capture newly created private keys.
- Captures private keys generated by the victim.
### Advanced Features
- Encrypts captured keys using a hardcoded RSA-2048 public key.
- Embeds the encrypted key within a Solana `spl.memo` transaction sent to the Solana Devnet, allowing retrieval by the attacker.
- Appears legitimate via polished README files linked to fake GitHub repositories.
## Indicators of Compromise
- File Hashes: N/A
- File Names: Packages associated with alias `cappership`.
- Registry Keys: N/A
- Network Indicators: Transactions sent to Solana Devnet containing embedded, Base64-encoded, RSA-encrypted private keys.
- Behavioral Indicators: Runtime modification of core cryptographic libraries.
## Associated Threat Actors
- Alias: cappership
## Detection Methods
- Monitoring Python execution for unusual imports or function overwrites related to cryptographic libraries.
- Auditing outbound blockchain transactions initiated by build scripts.
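
Added example (not code from the report): one way to detect the function overwrites mentioned above is to snapshot a key class's bindings immediately after importing it and compare them later. `Keypair`, `simulate_rebinding` and the module name `untrusted_dep` are hypothetical stand-ins constructed for the demonstration, not a real Solana API.

```python
import inspect
import secrets

class Keypair:
    """Hypothetical stand-in for a wallet library's key class (not a real Solana API)."""
    def __init__(self, secret):
        self.secret = secret

    @classmethod
    def generate(cls):
        return cls(secrets.token_bytes(32))

def snapshot(owner, names):
    """Record the exact objects bound to `names`; take this right after importing the
    key library and before any other third-party package is imported."""
    return {n: inspect.getattr_static(owner, n) for n in names}

def tampered(owner, baseline):
    """Map each rebound name to the module that now supplies it."""
    changed = {}
    for name, original in baseline.items():
        current = inspect.getattr_static(owner, name, None)
        if current is not original:
            func = getattr(current, "__func__", current)  # unwrap classmethod/staticmethod
            changed[name] = getattr(func, "__module__", "?")
    return changed

def simulate_rebinding():
    """Constructed stand-in for a dependency that wraps generate() at import time."""
    original = Keypair.generate
    def generate(cls):
        return original()
    generate.__module__ = "untrusted_dep"  # constructed module name
    Keypair.generate = classmethod(generate)

if __name__ == "__main__":
    baseline = snapshot(Keypair, ["generate", "__init__"])
    print("before:", tampered(Keypair, baseline))
    simulate_rebinding()
    print("after: ", tampered(Keypair, baseline))
```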
## Mitigation Strategies
- Never run untrusted Python packages in environments capable of generating sensitive keys or credentials.
- Review code that interacts with key generation functions.
## Related Tools/Techniques
- Runtime code modification techniques.
- Covert exfiltration via public blockchain ledgers.
***
# Tool/Technique: Malicious PyPI Packages (Aliyun AI Labs Spoof)
## Overview
A set of malicious PyPI packages leveraging the popularity of Aliyun AI Labs tools to hide an infostealer payload disguised within a PyTorch ML model file. The payload gathers machine configuration details, targeting developers likely based in China.
## Technical Details
- Type: Malware/Malicious Package (Infostealer payload hidden in ML model)
- Platform: PyPI/Python environments, targeting ML/AI developers.
- Capabilities: Information gathering, exfiltration of system details and Git configuration.
- First Seen: Published May 19, 2024.
## MITRE ATT&CK Mapping
- TA0009 - Collection
- T1082 - System Information Discovery
- TA0010 - Exfiltration
- T1041 - Exfiltration Over C2 Channel
- TA0005 - Defense Evasion
- T1027 - Obfuscated Files or Information (Hiding payload in ML model format)
## Functionality
### Core Capabilities
- Downloads and executes an infostealer payload concealed inside a PyTorch model file during initialization.
- Exfiltrates basic system information (user, network address, organization name).
- Steals the content of the `.gitconfig` file.
### Advanced Features
- **Novel Hiding Mechanism:** Hides the payload in the ML model format, which is Pickle-based and therefore susceptible to arbitrary code execution on deserialization, to bypass traditional security tooling that has not yet been adapted to scan these formats.
- **Targeted Recon:** Retrieves organization name by reading a specific preference key (`_utmc_lui_`) from the configuration of the AliMeeting application, suggesting a focus on Chinese developers.
## Indicators of Compromise
- File Hashes: N/A
- File Names: `aliyun-ai-labs-snippets-sdk`, `ai-labs-snippets-sdk`, `aliyun-ai-labs-sdk`
- Registry Keys: Reading configuration related to AliMeeting.
- Network Indicators: Exfiltration to an unknown C2 server.
- Behavioral Indicators: Loading data from an ML model file that results in code execution rather than standard model inference.
## Associated Threat Actors
- Not explicitly named, discovered by ReversingLabs researchers.
## Detection Methods
- New security tooling required to analyze ML model files (e.g., Pickle) before runtime for malicious code execution vectors.
- Monitoring for system information enumeration and specific access to the AliMeeting configuration file.
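
Added example (not ReversingLabs' tooling): a static pre-load check that walks the Pickle opcodes of a model file with `pickletools` and reports every import outside an allowlist, without ever unpickling the file. The allowlist, the `Marker` class and both sample files are assumptions constructed for illustration; the flagged sample only references `builtins.print`.

```python
import collections
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist of top-level modules a plain weights checkpoint may reference.
ALLOWED_ROOTS = {"torch", "collections", "numpy"}

def imports_in_pickle(data):
    """List the (module, name) pairs a pickle stream would import, without unpickling it."""
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                # protocols 0-3 carry "module name" inline
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":        # protocol 4+: operands are the last two pushes
            mod, name = ([None, None] + recent)[-2:]
            found.append((mod or "?", name or "?"))  # "?" = unresolved, reported as a finding
        elif op.name not in ("MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT"):
            recent.append(arg if isinstance(arg, str) else None)
    return found

def scan_model(blob):
    """Return imports outside ALLOWED_ROOTS from a raw pickle or a zip-format checkpoint."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    else:
        streams = [blob]
    return [(m, n) for s in streams for m, n in imports_in_pickle(s)
            if m.split(".")[0] not in ALLOWED_ROOTS]

class Marker:
    """Constructed sample: serializes to a call of builtins.print and is never unpickled here."""
    def __reduce__(self):
        return (print, ("constructed sample",))

def build_samples():
    """Return (clean raw pickle, zip checkpoint whose data.pkl imports builtins.print)."""
    clean = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=4)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(Marker(), protocol=4))
    return clean, buf.getvalue()

if __name__ == "__main__":
    clean, flagged = build_samples()
    print(scan_model(clean), scan_model(flagged))
```

Any non-empty result is a reason to refuse the file before it reaches a loader. For PyTorch specifically, `torch.load(..., weights_only=True)` restricts the unpickler to an allowlist of types.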
## Mitigation Strategies
- Strict verification and sandboxing of any ML model files loaded from external, untrusted sources.
- Reviewing supply chain security processes to account for weaponization of AI/ML dependencies.
## Related Tools/Techniques
- Weaponization of ML Model Formats (Pickle/Deserialization attacks).
- Information stealing payloads.