Although the nature of open source software dictates that code should be verifiable by anyone, its open nature also means that malicious actors or those with other intentions can sometimes slip in bad code without anyone realizing. To combat this problem, Google has pledged support for the Open Source Security Foundation's (OpenSSF) Package Analysis Project.
Essentially, Google will help the OpenSSF in the dynamic analysis of open source packages on scale, with the results saved to BigQuery. This will ensure that if malicious packages are uploaded to popular repositories, consumers are alerted. Google believes that this process will also reveal more insights into supply chain security and will result in an overall safer ecosystem.
To aid in this endeavor, Google started by analyzing 200 malicious packages uploaded to PyPI and NPM in a month. Although the full results are available in the BigQuery table here, Google has shared some highlights.
The "discordcmd" Python package on PyPI will download a backdoor in the background and then install it on the Discord electron client for Windows. This will allow it to perform reconnaissance in local databases and exfiltrate the Discord API's token data to the attacker's server.
Similarly, the "@roku-web-core/ajax" on NPM will exfiltrate machine details, open a reverse shell, and allow remote execution of commands. Google did note an interesting discovery, though:
The packages we found usually contain a simple script that runs during an install and calls home with a few details about the host. These packages are most likely the work of security researchers looking for bug bounties, since most are not exfiltrating meaningful data except the name of the machine or a username, and they make no attempt to disguise their behavior.
As such, Google has stated that the low sophistication when it comes to obfuscation of most packages indicates that they came from security researchers and did not pose a major threat. However, this also means that a malicious actor could cause irreparable damage for people who installed infected packages.
The firm has emphasized that there is a greater need for vetting of packages uploaded to repositories with an open standard of reporting for centralization of results and transparency.