A malicious package named “Chimera-Sandbox Extensions” was uploaded to the PyPI repository (Python) and aims to steal credentials and other sensitive information, such as Jamf macOS data, CI/CD environment variables, and AWS tokens.

The discovery of the malicious Chimera package highlighted the ongoing risks associated with open source software repositories. Security pros said the development is potentially dangerous because developers use Chimera to build AI applications.

According to a recent blog by JFrog researchers, the malicious Chimera package distinguished itself via its targeted approach and multi-stage execution. The malware specifically focuses on corporate and cloud environments, the researchers said.

Nic Adams, co-founder and CEO at 0rucs, said open-source software forms the backbone of modern apps, which means a single compromised package on PyPI can surreptitiously infect thousands, or even millions, of applications downstream, creating a ripple effect across industries.

“Developers implicitly trust open-source packages, making them an ideal target for attackers,” said Adams. “Malicious code can be hidden deep within complex dependency trees, making detection difficult. This incident is a prime example of a highly sophisticated attack targeting a critical open-source utility.”

Mike McGuire, senior security solutions manager at Black Duck, added that the Chimera incident underscored the growing sophistication of supply chain attacks, where seemingly trustworthy packages can deliver dangerous malware. McGuire said teams need to take a layered approach to defending themselves, as such attacks are likely to increase in frequency.

McGuire said development teams should move towards using curated package registries, like internal repositories that offer control over which packages are allowed to be used in projects. McGuire recommended JFrog Artifactory, which teams can use as a private repository of “approved” open source packages.

“Therefore, instead of developers and package managers pulling dependencies from public repos, they’re pulling from the internal Artifactory instance, meaning they’re using properly vetted packages,” said McGuire. “This enables a more secure way of using open source dependencies.”

Eric Schwake, director of cybersecurity strategy at Salt Security, said security teams must adopt a multi-layered defensive strategy to avert these types of open source security breaches. This requires thoroughly checking all third-party and open-source packages before integration, understanding their functions, and applying the principle of least privilege to all development and deployment credentials, said Schwake.

“Effective API posture governance is crucial to ensure that the potential API access gets limited, even if credentials like AWS tokens are compromised,” said Schwake. “Furthermore, ongoing runtime protection of application and API traffic for unusual behaviors, such as suspicious outbound connections or unauthorized data transfers, is vital to identify and address these advanced supply chain breaches before they result in larger system compromises.”
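One way to enforce the curated-registry policy McGuire describes, as an added example that is not from the article, JFrog or Black Duck: a Python pre-install check that fails if pip can still resolve from a public index, or if a requirement is not on the team's approved list. The internal index URL and the approved set are placeholders; the sample requirements file and pip.conf bodies are constructed.

```python
"""Constructed example: gate 'pip install' on a curated-registry policy.
Check 1: pip.conf points only at the internal registry (no public fallback).
Check 2: every requirement name is on the team's approved allowlist."""
import configparser
import re
from typing import List

# Placeholder registry URL and a hypothetical allowlist (what an internal
# "approved packages" repository would expose).
INTERNAL_INDEX = "https://artifactory.example.internal/api/pypi/approved/simple"
APPROVED = {"requests", "boto3", "numpy"}

# Leading project name of a PEP 508 requirement line ("requests==2.31.0").
_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(text: str) -> List[str]:
    """Return normalised names in a requirements.txt body that are not approved."""
    approved = {normalize(a) for a in APPROVED}
    rejected = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip("\\").strip()  # drop comments/continuations
        if not line or line.startswith("-"):  # skip blanks and option lines such as --hash
            continue
        m = _REQ_NAME.match(line)
        if m and normalize(m.group(1)) not in approved:
            rejected.append(normalize(m.group(1)))
    return rejected


def audit_pip_config(text: str) -> List[str]:
    """Return policy violations found in a pip.conf body."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    problems = []
    index = cfg.get("global", "index-url", fallback="")
    if index != INTERNAL_INDEX:
        problems.append(f"index-url is {index!r}, expected the internal registry")
    if cfg.has_option("global", "extra-index-url"):
        problems.append("extra-index-url set: pip may fall back to a public index")
    return problems


# Constructed inputs: a weak pip.conf beside the corrected one, and a
# requirements file that pulls in the package named in the article.
WEAK_PIP_CONF = "[global]\nindex-url = https://pypi.org/simple\nextra-index-url = " + INTERNAL_INDEX + "\n"
HARDENED_PIP_CONF = "[global]\nindex-url = " + INTERNAL_INDEX + "\n"
SAMPLE_REQUIREMENTS = "requests==2.31.0 \\\n    --hash=sha256:PLACEHOLDER\nboto3>=1.28\nchimera-sandbox-extensions  # not approved\n"

if __name__ == "__main__":
    print(audit_pip_config(WEAK_PIP_CONF), audit_requirements(SAMPLE_REQUIREMENTS))
```

Run it as a CI step before `pip install -r requirements.txt` and fail the job when either function returns a non-empty list.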