Information-stealing malware was distributed through three malicious Python Package Index packages that claimed to provide a Python SDK for Alibaba's artificial intelligence services; the packages accumulated almost 1,600 downloads before they were removed from the PyPI repository, reports Infosecurity Magazine.
All three packages, namely aliyun-ai-labs-snippets-sdk, ai-labs-snippets-sdk, and aliyun-ai-labs-sdk, contained nothing but zipped Pickle files used to conceal the infostealing payload. According to an analysis from ReversingLabs, the payload collects user and network data, the targeted machine's organizational affiliation, and the contents of .gitconfig files, and also identifies developers linked to the AliMeeting video conferencing software. The findings point to a growing risk from the misuse of machine learning model formats, and ReversingLabs researchers urge more robust validation and zero-trust practices in ML artifact management. "Security tools are at a primitive level when it comes to malicious ML model detection. Legacy security tooling is currently lacking this required functionality," said ReversingLabs reverse engineer Karlo Zanki.
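The validation the researchers call for can start with a static check that never deserializes the artifact. The scanner below is an added example written for this page, not code from ReversingLabs or from the packages described; it walks a pickle's opcode stream with `pickletools.genops`, records every `GLOBAL`/`STACK_GLOBAL` import and every call-capable opcode (`REDUCE`, `OBJ`, `NEWOBJ`, ...), and flags any import outside an allowlist. It also unpacks an in-memory zip member by member, since the malicious packages shipped their pickles zipped. The allowlist, the member names, the size cap, and the sample pickles (a data-only dict and a probe whose `__reduce__` points at the harmless `os.getenv`) are all constructed for the example.

```python
"""Static scanner for pickle payloads inside ML artifacts (no deserialization).

Added example: the allowlist, file names and samples below are constructed
for illustration and are not taken from the packages discussed on the page.
"""
import io
import os
import pickle
import pickletools
import zipfile

# Opcodes that can invoke a callable (or __setstate__) while unpickling.
CALL_OPCODES = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}
# Opcodes that push a string; STACK_GLOBAL (protocol 4+) consumes the last two.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
                  "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
# Hypothetical allowlist: imports a data-only artifact may legitimately need.
ALLOWED_GLOBALS = {"collections.OrderedDict", "builtins.set"}
# Refuse to read oversized members (guards against decompression bombs).
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def scan_pickle_bytes(data: bytes) -> dict:
    """Walk the opcode stream without executing it.

    Returns {"parsed": bool, "globals": ["module.name", ...], "calls": int}.
    "parsed" is False when the bytes are not a well-formed pickle.
    """
    globals_seen, calls, recent_strings = [], 0, []
    try:
        for opcode, arg, _pos in pickletools.genops(data):
            name = opcode.name
            if name in STRING_OPCODES:
                recent_strings.append(arg)
            elif name == "GLOBAL":  # protocol <= 3: arg is "module name"
                globals_seen.append(arg.replace(" ", ".", 1))
            elif name == "STACK_GLOBAL":  # protocol 4+: module, name from stack
                if len(recent_strings) >= 2:
                    globals_seen.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
                else:  # strings came via memo lookups; report rather than guess
                    globals_seen.append("<unresolved>")
            elif name in CALL_OPCODES:
                calls += 1
    except Exception:  # genops raises (mostly ValueError) on non-pickle bytes
        return {"parsed": False, "globals": [], "calls": 0}
    return {"parsed": True, "globals": globals_seen, "calls": calls}


def is_suspicious(report: dict) -> bool:
    """A pickle that imports anything outside the allowlist is rejected."""
    if not report["parsed"]:
        return False
    return any(g not in ALLOWED_GLOBALS for g in report["globals"])


def scan_zip(zip_bytes: bytes) -> dict:
    """Scan every file member of an in-memory zip; returns {member: report}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings[info.filename] = {"parsed": False, "globals": [],
                                           "calls": 0, "skipped": "too large"}
                continue
            findings[info.filename] = scan_pickle_bytes(zf.read(info.filename))
    return findings


class ProbeSample:
    """Constructed sample: __reduce__ makes the unpickler call os.getenv().

    Harmless here, but it is the same GLOBAL + REDUCE structure a payload uses.
    """
    def __reduce__(self):
        return (os.getenv, ("HOME",))


# Constructed inputs for the example.
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3}, protocol=4)
SUSPICIOUS = pickle.dumps(ProbeSample(), protocol=4)       # STACK_GLOBAL path
SUSPICIOUS_PROTO2 = pickle.dumps(ProbeSample(), protocol=2)  # GLOBAL path
NOT_A_PICKLE = b"plain text, not a pickle\n"


def build_sample_zip() -> bytes:
    """Constructed archive mimicking a package that ships zipped pickles."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model.pkl", SUSPICIOUS)
        zf.writestr("metadata.pkl", BENIGN)
        zf.writestr("README.txt", NOT_A_PICKLE)
    return buf.getvalue()


if __name__ == "__main__":
    for member, report in scan_zip(build_sample_zip()).items():
        verdict = "REJECT" if is_suspicious(report) else "ok"
        print(f"{member:14s} {verdict:6s} {report}")
```

The scan is deliberately conservative: it reports the import it found and lets the allowlist decide, so a model that legitimately needs `numpy` reconstruction functions is handled by extending `ALLOWED_GLOBALS` rather than by loosening the check. The `<unresolved>` entry covers the case where `STACK_GLOBAL` takes its strings from memo lookups (`BINGET`) instead of fresh string pushes; that case is reported as suspicious rather than silently passed.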