Open source package entry points can be used to hijack commands: Report

  • npm (Node.js package manager)
  • pip (Python package installer)
  • git (version control system)
  • kubectl (Kubernetes command line tool)
  • terraform (Infrastructure as Code tool)
  • gcloud (Google Cloud command line interface)
  • heroku (Heroku command line)
  • dotnet (a command line interface for .NET Core)

“Each of these commands is widely used in various advanced environments, making them attractive targets for attackers looking to maximize the impact of their malicious packages,” the report said.

Another technique is called “command wrapping.” Instead of replacing the command, the attacker creates an entry point that acts as a wrapper around the original command. This stealthier approach allows attackers to maintain access for longer periods of time and potentially exfiltrate sensitive information without raising suspicion, the report said. However, it adds, command wrapping requires more research by the attacker, who needs to understand how the target command is invoked on different operating systems and account for potential errors in their own code. This difficulty grows with the diversity of the systems being targeted.

A third trick is to create malicious plugins for popular tools and frameworks. For example, an attacker who wants to target Python’s pytest testing framework can publish a seemingly useful testing plugin that registers itself through the pytest entry point. Such a plugin may run malicious code in the background, or allow a bug or vulnerable code to pass quality testing.
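
As an added example that is not part of the report, the following defensive audit reads the console_scripts entry points of installed Python distributions and flags any that register one of the command names listed above under a different distribution name. The “a legitimate tool registers the script under its own distribution name” rule is an assumed heuristic, and the sample metadata is constructed.

```python
import configparser
from pathlib import Path
from typing import Dict, List, Tuple

# Commands the report names as attractive hijacking targets (list above).
SENSITIVE_COMMANDS = {"npm", "pip", "git", "kubectl", "terraform",
                      "gcloud", "heroku", "dotnet"}


def parse_console_scripts(entry_points_txt: str) -> Dict[str, str]:
    """Map script name -> 'module:callable' from the [console_scripts] section."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep script names case-sensitive
    cp.read_string(entry_points_txt)
    if not cp.has_section("console_scripts"):
        return {}
    # Drop the optional "[extra]" marker that entry_points.txt allows.
    return {k: v.split("[")[0].strip() for k, v in cp.items("console_scripts")}


def audit_distribution(dist_name: str, entry_points_txt: str) -> List[Tuple[str, str]]:
    """Return (script, target) pairs that reuse a sensitive command name.

    Heuristic (assumption, not from the report): a real tool registers its
    command under its own distribution name, so 'pip' providing 'pip' is
    expected, while 'evil-pkg' providing 'kubectl' is suspicious."""
    norm = dist_name.lower().replace("_", "-")
    return [(name, target)
            for name, target in parse_console_scripts(entry_points_txt).items()
            if name.lower() in SENSITIVE_COMMANDS and name.lower() != norm]


def audit_site_packages(site_dir: Path) -> List[Tuple[str, str, str]]:
    """Walk *.dist-info/entry_points.txt under site_dir and collect findings."""
    results = []
    for ep in site_dir.glob("*.dist-info/entry_points.txt"):
        dist_name = ep.parent.name[:-len(".dist-info")].split("-")[0]
        for script, target in audit_distribution(dist_name, ep.read_text(encoding="utf-8")):
            results.append((dist_name, script, target))
    return results


# Constructed sample metadata (not real packages) for a stand-alone run.
SAMPLE_EVIL = "[console_scripts]\nhelper-tool = helper.cli:main\nkubectl = helper.shim:run\n"
SAMPLE_PIP = "[console_scripts]\npip = pip._internal.cli.main:main\n"

if __name__ == "__main__":
    print(audit_distribution("evil-pkg", SAMPLE_EVIL))  # [('kubectl', 'helper.shim:run')]
    print(audit_distribution("pip", SAMPLE_PIP))        # []
```

Running `audit_site_packages` against a real site-packages directory turns the same check into an inventory of which installed distributions claim one of these command names.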
