Cybersecurity researchers said they discovered an accidental leak of a GitHub token that could have given elevated access to the Python language GitHub repositories, the Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories.
JFrog, the company that discovered the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub.
“This case was exceptional because it’s hard to overestimate the potential consequences if it fell into the wrong hands — allegedly it was possible to inject malicious code into PyPI packages (imagine replacing all Python packages with malicious ones) and even into the Python language itself. ,” a software supply chain security company said.
An attacker could hypothetically use their administrator access to mount a large-scale attack on the supply chain by poisoning the source code related to the Python programming language core or the PyPI package manager.
JFrog pointed out that the authentication token was found inside the Docker container, in a compiled Python file (“build.cpython-311.pyc”) that was inadvertently not cleaned up.
Following a responsible disclosure on June 28, 2024, the token that was issued to the GitHub account associated with PyPI administrator Ee Durbin was immediately revoked. There is no evidence that the secret has been used in the wild.
PyPI said the token was released sometime before March 3, 2023, and that the exact date is unknown due to security logs not being available after 90 days.
“While developing cabotage-app5 locally, working on the build part of the codebase, I kept running into GitHub API speed limits,” Durbin explained.
“These speed limits apply to anonymous access. While in production the system is set up as a GitHub app, I modified my local files to include my own access token in an act of laziness rather than setting up a local GitHub app. These changes were never intended to be remotely pushed.”
The disclosure comes after Checkmarx discovered a series of malicious packages on PyPI that are designed to transmit sensitive information to Telegram bots without the victim’s consent or knowledge.
The packages in question – testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers – work by scanning a compromised system for files with extensions such as .py, .php, .zip, .png, .jpg and .jpeg.
“The Telegram bot is linked to numerous cybercriminal operations based in Iraq,” Checkmarx researcher Yehuda Gelb. saidnoting that the bot’s post history dates back to 2022.
“The bot also functions as an underground market offering social media manipulation services. He has been linked to financial theft and exploits victims by stealing their data.”
