Threat actors have released a malicious Python package on PyPI, codenamed “SentinelOne”, which pretends to be the legitimate SDK client of the trusted US cybersecurity firm but, in reality, steals developer data.

The package offers the expected functionality, which makes it easy to access the SentinelOne API from another project. However, this package has been trojaned to steal sensitive data from compromised development systems.

The attack was discovered by ReversingLabs, which confirmed the malicious functionality and reported the package to SentinelOne and PyPi, resulting in the removal of the package.

Trojan infected SDK client

The SentinelOne malicious package was first uploaded to PyPI on December 11, 2022 and has been updated twenty times since then.

According to the researchers, the package is believed to be a copy of the real SentinelOne SDK python client, and the threat actor has made the updates to improve and fix the malicious functionality of the package.

After further analysis, ReversingLabs found that fake “SentinelOne” package contains “api.py” files with malicious code that steals and uploads data to IP address (54.254.189.27), which does not belong to the SentinelOne infrastructure.

This malicious code acts as information-stealing malware, which exports a variety of developer-related data from all home directories on the device. This data includes Bash and Zsh histories, SSH keys, .gitconfig files, hosts files, AWS configuration information, Kube configuration information, and more.

As these folders usually contain authentication tokens, secrets, and API keys, it is believed that the threat actor intentionally targets development environments for additional access to their cloud services and servers.

“We see the malicious code to collect shell command execution history information as well as the contents of the .ssh folder containing ssh keys and configuration information, including access credentials and secrets, related to Git, Kubernetes and AWS services.” – Reversing Labs.

Analysts also found that early versions of the fake package had trouble running the data collection module on Linux systems, an issue that was fixed in later versions.

ReversingLabs reports seeing five other packages with the same name uploaded by the same authors between December 8 and December 11, 2022. However, these packages did not contain the api.py files, so they were likely used for testing.

All released versions of the information-stealing malware package have been downloaded more than 1000 times on PyPI.

Based on the evidence collected, ReversingLabs researchers have not yet been able to determine if the package has been used in any actual attacks.