Researchers at Unit 42 have uncovered a new campaign that delivers Linux and macOS backdoors through poisoned Python packages. These packages were uploaded to the popular PyPI repository and have been linked to a North Korean-affiliated group called Gleaming Pisces. The campaign, named PondRAT, has shown the threat actor's ability to compromise supply chains by deploying malware on systems through the software development tools that developers use.
Poisoned Python Packages
The campaign was executed by uploading several malicious Python packages to PyPI, a commonly used repository for Python developers. The specific packages identified include:
- real-ids (versions 0.0.3 – 0.0.5)
- coloredtxt (version 0.0.2)
- beautifultext (version 0.0.1)
- minisound (version 0.0.2)
These packages were designed to appear legitimate but contained hidden code that would deploy a backdoor named PondRAT. Once a developer downloaded and installed one of these poisoned packages, the malicious code ran commands to download the backdoor onto the system. This gave the threat actor unauthorized access to the developer's system, which could lead to further damage across the organization's supply chain. The goal of this campaign appears to have been to target software developers' endpoints in order to infiltrate supply chain vendors. Once a developer's system was compromised, the threat actor would have access to the wider network, including the customers of the vendors relying on these Python packages. This mirrors previous tactics used by Gleaming Pisces, which has a history of supply chain attacks aimed at cryptocurrency platforms.
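As an added defender-side check (not code from Unit 42 or the report), the following Python script flags the package names and versions listed above in a requirements file or among the distributions installed in the current environment. The sample requirements lines are constructed, and the 0.0.3 – 0.0.5 range is assumed to mean the three point releases.

```python
import re
from importlib import metadata
# Names and affected versions from the report ("0.0.3 - 0.0.5" read as three releases).
POISONED = {
    "real-ids": {"0.0.3", "0.0.4", "0.0.5"},
    "coloredtxt": {"0.0.2"},
    "beautifultext": {"0.0.1"},
    "minisound": {"0.0.2"},
}

def normalize(name):
    # PEP 503 normalisation: case-insensitive; "-", "_" and "." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirement(line):
    # (normalized_name, pinned_version or None); skips blanks, comments, option lines.
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([^\s;]+))?", line)
    return (normalize(m.group(1)), m.group(2)) if m else None

def find_poisoned(lines):
    # Flags pins on an affected version and unpinned references to a listed name.
    hits = []
    for name, ver in filter(None, map(parse_requirement, lines)):
        bad = POISONED.get(name)
        if bad is not None and (ver is None or ver in bad):
            hits.append((name, ver))
    return hits

def audit_installed():
    # Same check against distributions installed in the current environment.
    hits = []
    for dist in metadata.distributions():
        name = normalize(dist.metadata.get("Name", "") or "")
        if name in POISONED and dist.version in POISONED[name]:
            hits.append((name, dist.version))
    return hits

# Constructed sample: one affected pin, one unaffected version, one unpinned name.
SAMPLE = """
real-ids==0.0.4   # pulled in for ID validation
Coloredtxt==0.0.1
minisound
-e ./local-pkg
""".splitlines()

if __name__ == "__main__":
    print(find_poisoned(SAMPLE), audit_installed())
```

Unpinned references to a listed name are flagged because a resolver could select an affected release; exact pins on versions outside the listed range are not.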
PondRAT and POOLRAT
During their analysis, Unit 42 researchers found that the malware delivered through this campaign, PondRAT, shares similarities with POOLRAT, a known macOS remote administration tool (RAT) previously used by Gleaming Pisces.
Similarities Between PondRAT and POOLRAT
Both PondRAT and POOLRAT share similar function names, encryption keys, and execution flows. The similarities are:
- Both RATs use similar method names, such as FConnectProxy and AcceptRequest, which handle connections to command-and-control (C2) servers and execute commands from the threat actor.
- The encryption key used in both PondRAT and POOLRAT is identical, further confirming the link between the two.
Differences in Functionality
While POOLRAT has more capabilities, PondRAT appears to be a lighter version, designed to be more effective for specific tasks. The commands available in PondRAT include:
- Uploading and downloading files
- Checking the status of the implant
- Pausing operations (sleep)
- Executing commands
This leaner functionality suggests that PondRAT was designed for specific use cases where a tool like POOLRAT might not be necessary.
The infection chain begins with the installation of a poisoned Python package. After installation, the package decoded and executed a second-stage payload built to avoid detection by security tooling. That payload then downloaded PondRAT and ran it on the target system. To evade detection, the attackers used several techniques, including encoding parts of the payload and distributing the malicious packages through a trusted software repository, PyPI.
Connection to Gleaming Pisces & PyPI’s Response
Gleaming Pisces, also known as Citrine Sleet, is a North Korean state-sponsored group that has been active since at least 2018. The group is known for cyberattacks targeting cryptocurrency platforms through campaigns like AppleJeus. The latest campaign overlaps with previous operations in its use of similar malware families and attack vectors, and it coincides with other new Unit 42 research showing large sectors being targeted with phishing attacks. The group has repeatedly exploited supply chains with a high level of technical expertise, posing a threat to organizations that rely on third-party software packages. At the time of writing, PyPI administrators have removed the poisoned packages from the repository. Organizations that rely on the repository remain at risk, as malicious actors continue to exploit the popularity of PyPI for supply chain attacks.
Protections and Mitigations
Several products and services provide coverage to Palo Alto Networks customers against this campaign:
- Cortex XDR helps detect variants of PondRAT and POOLRAT to prevent their attack chains.
- Next-Generation Firewalls use cloud-delivered security services to block known malicious domains and IP addresses associated with command-and-control servers.
- Advanced WildFire uses updated machine learning models to detect new malware variants attributed to Gleaming Pisces.
The discovery of PondRAT in poisoned Python packages shows how North Korean threat actors continue to refine their malware and target supply chains. They have the potential to infiltrate organizations on a global scale.
Image credit: Koto Amatsukami, AdobeStock