Malicious Python package in PyPI poses as SentinelOne SDK

Threat actors have created a malicious Python package that mimics a SentinelOne SDK, according to new research by security vendor ReversingLabs.

The malware, which the vendor dubbed "SentinelSneak" in a blog post Monday, has data exfiltration and backdoor capabilities. It also "appears to be a fully functional SentinelOne client, but contains a malicious backdoor," according to ReversingLabs threat researcher and blog post author Karlo Zanki. The package was first uploaded to the Python Package Index (PyPI) on Dec. 11 and has been removed from the repository following ReversingLabs' discovery.

The blog post includes further technical details such as indicators of compromise. Zanki, who discovered the malicious package, wrote that no evidence of a successful attack has been found to date. However, the package appeared to have been downloaded more than 1,000 times, according to PyPI stats.

Zanki noted that despite the mimicry, the malicious package has no connection to threat detection vendor SentinelOne. A SentinelOne spokesperson shared a statement with TechTarget Editorial echoing this sentiment.

"SentinelOne is not involved with the recent malicious Python package leveraging our name," the statement read. "Attackers will put any name on their campaigns that they think may help them deceive their intended targets, however this package is not affiliated with SentinelOne in any way. Our customers are secure, we have not seen any evidence of compromise due to this campaign, and PyPI has removed the package."

When asked why threat actors chose to mimic SentinelOne's SDK instead of another smaller vendor, ReversingLabs chief software architect Tomislav Pericin surmised that it was likely to infiltrate large security-minded organizations.

"The SDK is available to all SentinelOne customers, but the ones who automate themselves are going to be highly sophisticated SOCs [security operations centers]. Those tend to defend the largest organizations," Pericin said. "Software supply chain protection is a novel category even for them, so the attack could have gone unnoticed for quite a while. We don't believe the impact would have been high in the number of affected organizations, but the affected ones would certainly be high-profile enough to grab headlines."

Open source code repositories like PyPI have become a hotbed for threat activity. In October, researchers with security vendor Checkmarx announced they had uncovered a collection of nearly 200 malicious NPM packages that all traced back to a single threat activity group known as "LofyGang." And in September, ReversingLabs discovered that threat actors had created a malicious NPM package in a library for the open source Tailwind CSS framework.

Zanki noted this ongoing trend in ReversingLabs' blog post and referenced several other instances of threat activity in public package repositories this year.

"This latest discovery underscores the ongoing threat of malicious code lurking on open source repositories such as PyPI, npm, RubyGems, GitHub and more," Zanki wrote. "As with prior malicious open source supply chain campaigns, this one attempts to exploit confusion on the part of developers to push malicious code into development pipelines."

Alexander Culafi is a writer, journalist and podcaster based in Boston.