Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

The original image was generated by OpenAI's DALL-E and edited by the author. Source: OpenAI (September 2024)

On September 18, 2024, Unit 42 researchers at Palo Alto Networks released an investigation detailing an ongoing cyber campaign by the North Korean-linked threat actor group known as Gleaming Pisces (aka Citrine Sleet). This campaign targets Linux and macOS systems by distributing malicious Python packages via the PyPI repository, with the primary goal of delivering a backdoor known as PondRAT. These attacks abuse the trust developers place in public package repositories to gain unauthorized access to targeted systems, posing a significant risk to organizations dependent on open-source repositories.

Introduction

Gleaming Pisces is a financially motivated group believed to have ties to North Korea’s Reconnaissance General Bureau (RGB). This threat actor has previously been involved in high-profile campaigns, notably AppleJeus, which targeted cryptocurrency exchanges. In this latest attack, Unit 42 researchers identified several poisoned Python packages uploaded to PyPI, which ultimately led to the deployment of PondRAT—a Linux variant of the previously identified POOLRAT macOS backdoor.

Report Overview

The attack begins when developers unknowingly install the compromised Python packages from PyPI. Upon installation, the package executes encoded bash commands designed to evade detection. These commands then download and install the PondRAT malware. The researchers noted the presence of four key Python packages involved in this campaign:

  • real-ids (versions 0.0.3 - 0.0.5)
  • coloredtxt (version 0.0.2)
  • beautifultext (version 0.0.1)
  • minisound (version 0.0.2)
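As an added defender-side example (not code from the Unit 42 report), the script below does two things a response team would want after reading the package list above: it checks `pip freeze`-style output against the four package names and versions listed here, and it applies a simple static heuristic to a package's setup.py text, flagging install-time code that decodes a base64 literal and hands it to a shell, which is the pattern the report describes. The regex heuristic and the sample setup.py are constructed for illustration; the heuristic will miss other obfuscation styles.

```python
import base64
import re
from typing import Iterable

# Package names and versions named in the Unit 42 report (as listed on this page).
POISONED_PACKAGES = {
    "real-ids": {"0.0.3", "0.0.4", "0.0.5"},
    "coloredtxt": {"0.0.2"},
    "beautifultext": {"0.0.1"},
    "minisound": {"0.0.2"},
}


def find_poisoned(requirements: Iterable[str]) -> list[tuple[str, str]]:
    """Return (name, version) pairs from pip-freeze style lines that match known poisoned releases."""
    hits = []
    for line in requirements:
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, version = line.split("==", 1)
        # PyPI names are case-insensitive and treat '_' and '-' as equivalent.
        name = name.strip().lower().replace("_", "-")
        if version.strip() in POISONED_PACKAGES.get(name, set()):
            hits.append((name, version.strip()))
    return hits


# Heuristic (assumption, not from the report): a base64 literal being decoded near a shell call.
_B64_LITERAL = re.compile(r"b64decode\(\s*[bB]?['\"]([A-Za-z0-9+/=]{8,})['\"]")
_SHELL_CALL = re.compile(r"\b(os\.system|os\.popen|subprocess\.(run|Popen|call|check_output))\s*\(")


def suspicious_install_hook(setup_py: str) -> list[str]:
    """Return decoded base64 literals from setup.py text that also invokes a shell; empty list if clean."""
    if not _SHELL_CALL.search(setup_py):
        return []
    decoded = []
    for m in _B64_LITERAL.finditer(setup_py):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-8", "replace"))
        except (ValueError, UnicodeDecodeError):
            decoded.append("<undecodable>")
    return decoded


# Constructed sample setup.py; the encoded string is just "echo test".
SAMPLE_SETUP_PY = '''
import base64, subprocess
from setuptools import setup
subprocess.run(base64.b64decode("ZWNobyB0ZXN0").decode(), shell=True)
setup(name="minisound", version="0.0.2")
'''
```

Run `find_poisoned` over the lines of `pip freeze` (or a lock file) on each developer workstation, and `suspicious_install_hook` over the setup.py of any package you are about to vendor.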

PondRAT operates as a remote access tool (RAT), allowing attackers to upload, download, and execute commands remotely. Unit 42's analysis of PondRAT revealed code similarities to POOLRAT, previously attributed to Gleaming Pisces. Both malware variants share encryption keys, function names, and execution flows, leading to the conclusion that PondRAT is a lighter version of POOLRAT, adapted for Linux systems.

Insights and Analysis

The primary goal of this campaign is to compromise the supply chain by targeting developers' endpoints, gaining access to the systems of organizations reliant on PyPI packages. Such attacks could lead to widespread malware infections across multiple industries. The compromised Python packages have since been removed from PyPI, but the potential damage to organizations remains severe, particularly for those who may have unknowingly installed these packages.

While Palo Alto Networks' Advanced WildFire and Cortex XDR platforms provide detection and prevention capabilities against PondRAT, organizations must remain vigilant. Regular monitoring of software dependencies, ensuring integrity in supply chain processes, and conducting thorough security audits of open-source packages are crucial steps to mitigate similar threats. Additionally, engaging in proactive threat hunting and utilizing incident response services, such as Palo Alto Networks’ Unit 42, can help detect and respond to compromises more effectively.

In conclusion, this campaign underscores the growing threat posed by supply chain attacks. Organizations must take immediate action to review their use of Python packages from public repositories, ensuring they have adequate safeguards to prevent and detect malicious activity.

Indicators of Compromise (IOCs)

Indicator | Type | Description
973f7939ea03fd2c9663dafc21bb968f56ed1b9a56b0284acf73c3ee141c053c | Hash | PondRAT Linux variant hash.
0b5db31e47b0dccfdec46e74c0e70c6a1684768dbacc9eacbb4fd2ef851994c7 | Hash | PondRAT macOS variant hash.
jdkgradle[.]com | Domain | Command and control (C2) domain associated with the PondRAT campaign.
rebelthumb[.]net | Domain | Command and control (C2) domain associated with the PondRAT macOS variant.
f3b0da965a4050ab00fce727bb31e0f889a9c05d68d777a8068cfc15a71d3703 | Hash | POOLRAT Linux variant hash.

MITRE ATT&CK Techniques

Tactic | Technique | ID | Description
Execution | Command and Scripting Interpreter | T1059 | Use of bash commands to execute scripts on Linux systems.
Execution | User Execution | T1204 | Malicious Python packages delivered via supply chain attack and executed by unwitting developers.
Command and Control | Ingress Tool Transfer | T1105 | PondRAT downloads files from the command and control server.
Persistence | Create or Modify System Process | T1543 | Bash scripts modify system processes for persistence and execution.

References

Unit 42, Palo Alto Networks (September 18, 2024). Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors. Summary: "We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors."