Hijacked S3 Buckets Used In Attacks On Npm Packages

Miscreants are using expired Amazon Web Services (AWS) S3 buckets to place malicious code into a legitimate package in the npm repository without having to tinker with any code.

Software security firm Checkmarx said it began investigating after GitHub late last month posted an advisory about several releases of an npm package called bignum that was taken over by cybercrooks and serving malicious binaries that would steal information like user IDs, passwords, and local host names from victims' systems.

The infosec engineers wrote a report describing the issue, noting that while the threat of the bignum package was mitigated with a new version, they found that dozens of other open source packages in the npm code repository were vulnerable to the same attack.

"Since it was the first time such an attack was observed, we conducted a quick search across the open source ecosystem," wrote Guy Nachshon, a software engineer with Checkmarx. "The results were startling. We found numerous packages and repositories using abandoned S3 buckets that are susceptible to this exploitation."

Code repositories under attack

This latest threat is part of a growing trend of groups looking at the software supply chain as an easy way to deploy their malware and quickly have it reach a broad base of potential victims. Through attacks on npm and other repositories like GitHub, Python Package Index (PyPI), and RubyGems, miscreants look to place their malicious code in packages that are then downloaded by developers and used in their applications.

In this case, they found their way in via the abandoned S3 buckets, part of AWS object storage services that enable organizations to store and retrieve huge amounts of data – files, documents, and images, among other digital content – in the cloud. They're accessed via unique URLs and used for such jobs as hosting websites and backing up data.

The bignum package used node-gyp, a command-line tool written in Node.js, for downloading a binary file that initially was hosted on a S3 bucket. If the bucket couldn't be accessed, the package was prompted to look for the binary locally.

"However, an unidentified attacker noticed the sudden abandonment of a once-active AWS bucket," Nachshon wrote. "Recognizing an opportunity, the attacker seized the abandoned bucket. Consequently, whenever bignum was downloaded or re-installed, the users unknowingly downloaded the malicious binary file, placed by the attacker."

Stealing and exfiltrating credentials

The malicious binary functioned like the original one but also stole credentials and sent them to the same hijacked bucket, with the data exfiltrated via a GET request, he wrote. It was a C/C++ compiled binary called for in JavaScript applications, with a foot in both JavaScript and C/C++ libraries, which allowed Node.js modules to reach lower-level code and expanding the attack surface.

• This malicious PyPI package mixed source and compiled code to dodge detection
• Python Package Index had one person on-call to hold back weekend malware rush
• GitHub debuts pedigree check for npm packages via Actions
• Worried about the security of your code's dependencies? Try Google's Deps.dev

Nachshon reverse-engineered the compiled file, though it wasn't easy. One problem? Scanning the file using VirusTotal didn't detect it as malware. However, he looked at the strings in the file and found "some weird behavior," convincing him to dive deeper.

The larger problem was the other packages and repositories that also were using expired S3 buckets, which this kind of attack a problem well beyond bignum.

"The danger it poses can be huge if an attacker manages to exploit it as soon as this kind of change occurs," he wrote. "Another risk is posed to organizations or developers using frozen versions or 'artifactories' as they will continue to access the same, now hijacked, bucket."

A new, safer version of bignum

Versions 0.12.2 to 0.13.0 of bignum used node-pre-gyp for downloading pre-built binaries. The latest version, 0.13.1, doesn't use that. It also doesn't allow downloading of pre-built binaries to avoid malicious downloads.

Zane Bond, head of product at zero trust security software maker Keeper Security, told The Register that while the method used by miscreants in this attack is novel, SQL injection attacks themselves are not unusual.

"Finding the exact string that allows you to compromise a system is quite difficult, but this attack type is one of the most simple and common ones out there," Bond said. "This is a case of an adversary getting lucky while doing typical adversary activity."

The problem is that a similar scenario could play out whenever a trusted distribution location – in this case, the S3 buckets – is no longer used and is abandoned, according to his colleague, Patrick Tiquet, vice president of security and architecture with Keeper Security. ®