Open source package entry points could be used for command jacking – Source: www.csoonline.com

Open source application packages, including those in Python and JavaScript, have a vulnerability in their entry points that could be used by threat actors to execute malicious code to steal data, plant malware, and more.

This warning to developers and infosec leaders comes in a report released today by researchers at Checkmarx.

They dub the techniques “command jacking,” because attackers can use entry points to run specific commands impersonating popular third-party tools and system commands. But attackers could also leverage malicious plugins and extensions.

“Entry point attacks, while requiring user interaction, offer attackers a more stealthy and persistent method of compromising systems [than other tactics], potentially bypassing traditional security checks,” the report warns.

Over the past two years, many researchers have warned that open source package managers are places where threat actors deposit malicious copies of legitimate tools or libraries that developers want, often mimicking or copying the names of these tools – a technique called typosquatting — to fool unsuspecting developers.

This latest report is another example of why developers need to be careful when choosing packages to download from open source code repositories.

For example, in March, a cybersecurity company warned that threat actors had created multiple GitHub repositories, posing as cracked software, to drop the RisePro info-stealer into applications.

Another tactic is dependency confusion, which relies on a threat actor publishing a malicious version of a package with a different version number than the legitimate package.

The Checkmarx researchers say the entry point attack vector exists in several major languages and package managers, including npm (JavaScript), Ruby Gems, NuGet (.NET), Dart Pub, and Rust Crates.

While this method doesn’t allow for immediate system compromise as do automatic scripts or malicious dependencies, Checkmarx says it offers a subtler approach for patient attackers to infiltrate systems, potentially evading standard security measures.

First, a primer: Application entry points control users’ access. The report describes them as a power feature on a packaging system that allows developers to expose specific functions through a command line without requiring users to know the exact import path or structure of the package. Entry points allow the creation of command line scripts that users can run after installing a package, or define plugin systems where third party packages can extend the functionality of a core package. The location and format of entry point definitions vary depending on whether the package is a source or wheel distribution.

The most popular entry point in Python, for example, is “console_scripts,” which points to a function the developer wants to be made available as a command line tool to whoever installs a package.

When a package is installed, says the report, these entry points are recorded in the package’s metadata. Other packages or tools can then query this metadata to discover and use the defined entry points.

“If an attacker can manipulate a legitimate package’s metadata or convince a user to install a malicious package, they can potentially execute arbitrary code on the user’s system whenever the defined command or plugin is invoked,” say the researchers.

The tactic the researchers call command jacking involves using entry points to masquerade as widely-used third-party tools. “This tactic is particularly effective against developers who frequently use these tools in their workflows,” the report notes. For instance, an attacker might create a package with a malicious ‘aws’ entry point. When unsuspecting developers who regularly use AWS services install this package and later execute the aws command, the fake ‘aws’ command could exfiltrate their AWS access keys and secrets.

“This attack could be devastating in CI/CD [continuous integration/continuous delivery] environments, where AWS credentials are often stored for automated deployments,” says the report, “potentially giving the attacker access to entire cloud infrastructures.

Another example could be a malicious package impersonating the ‘docker’ command, targeting developers working with containerized applications. The fake ‘docker’ command might secretly send images or container specifications to the attacker’s server during builds or deployments. In a microservices architecture, this could expose sensitive service configurations or even lead to the exfiltration of proprietary container images, says the report.

Other popular third-party commands that could be potential targets for impersonation include:

• npm (the Node.js package manager)
• pip (the Python package installer)
• git (a version control system)
• kubectl (a Kubernetes command-line tool)
• terraform (an Infrastructure as Code tool)
• gcloud (Google Cloud’s command-line interface)
• heroku (the Heroku command line interface)
• dotnet (the command line interface for .NET Core)

“Each of these commands is widely used in various development environments, making them attractive targets for attackers looking to maximize the impact of their malicious packages,” says the report.

Another command jacking tactic has been dubbed “command wrapping.” Instead of replacing a command, an attacker creates an entry point that acts as a wrapper around the original command. This stealthy approach allows attackers to maintain long-term access and potentially exfiltrate sensitive information without raising suspicion, says the report. However, it adds, implementing command wrapping requires additional research by the attacker. They need to understand the correct paths for the targeted commands on different operating systems and account for potential errors in their code. This complexity increases with the diversity of systems the attack targets.

A third tactic would be creating malicious plugins for popular tools and frameworks. For example, if an attacker wanted to target Python’s pytest testing framework, they would create a plugin which appears to be a utility to help in testing that uses pytest’s entry point. The plugin could then run malicious code in the background, or allow buggy or vulnerable code to pass quality checks.

“It’s important to clarify that entry points are not inherently problematic,” Yehuda Gelb, a Checkmarx security researcher, told CSO Online. “They’re a legitimate and useful feature within various language ecosystems, including Python. The vulnerability lies in how this feature can be exploited, not in the feature itself. Rather than ‘fixing’ entry points, which could break legitimate functionality for many packages, our focus should be on raising awareness among code consumers about the potential risks, and educating them on risk mitigation strategies.”

These strategies include:

• verifying the source and integrity of packages before installation
• implementing strict code review processes, especially for command line tools
• utilizing automated security tools that can detect suspicious entry point usage

“By concentrating on these areas, we can mitigate the risks associated with entry point manipulation while preserving the functionality and convenience that entry points provide,” Gelb said.

“It’s crucial to develop comprehensive security measures that account for entry point exploitation,” the report concludes. By understanding and addressing these risks, it said, the security community can work towards a more secure application packaging environment, safeguarding both individual developers and enterprise systems against sophisticated supply chain attacks.