Code Insight Expands to Uncover Risks Across the Software Supply Chain
When we launched Code Insight, we started by analyzing PowerShell scripts. Since then, we have been continuously expanding its capabilities to cover more file types. Today, we announce that Code Insight can now analyze a broader range of formats crucial to the software supply chain. This includes browser extensions (CRX for Chrome, XPI for Firefox, VSIX for VS Code), software packages (Python Wheel, NPM), and protocols like MCP that enable Large Language Models to interact with external tools.
Attackers are increasingly targeting these formats to distribute malware, steal data, or compromise systems. Traditional detection methods, which often rely on signatures or machine learning focused on classification, can struggle to keep up with the dynamic and obfuscated nature of these threats. This is where AI can make a real difference. By analyzing the underlying code logic, Code Insight can identify malicious behavior even in previously unseen threats, providing a deeper level of security analysis.
This is particularly relevant in a landscape where even a single malicious browser extension can lead to significant data breaches, financial loss, or the compromise of corporate networks.
A Viral Tweet and a Real-World Example
In the last few hours, a tweet from a seasoned crypto user (zak.eth) went viral, narrating how his wallet was drained by a malicious extension for the first time in over ten years of activity. This incident is a stark reminder that anyone can be a target.
This is a prime example of where Code Insight can be instrumental. It can analyze one of the suspicious extensions mentioned in the thread and reveal its malicious nature:
From here, we will explore different examples of the new formats supported by Code Insight and specific examples where traditional engines fail to detect a threat.
CRX (Chrome Extensions)
CRX files are the format used for packaging Google Chrome browser extensions. While they can enhance browsing, they also represent an attack vector if they contain malicious code. Here is an example of a seemingly legitimate “Norton Safe Search” extension. However, Code Insight’s analysis reveals its true, malicious purpose:
6ca4466baf5ff09bab90a5d06bf113667717400daa59a287393e8f3f10959aba
The extension is obfuscated to hide its true purpose. The code in js/background.js communicates with a command and control (C2) server located at a domain unrelated to Norton. The most critical malicious behavior is its capability to fetch and execute arbitrary code from the C2 server. This allows the attacker to dynamically change the extension’s functionality after installation, effectively turning the user’s browser into a bot.
In another case, a banking trojan targeting Westpac customers was identified:
34244257f633e104d06b0c4273caca96eb916d26540eeea68495707cbc920bdb
This extension is a banking trojan specifically targeting Westpac customers. It operates as a Man-in-the-Browser (MitB) malware to steal credentials, session data, and funds. It establishes a persistent WebSocket connection to a hardcoded C2 server, collects all cookies from the browser and intercepts form submissions, specifically targeting the input field for the ‘AuthorisationCode’ (a 2FA/OTP token).
VSIX (Visual Studio Code Extensions)
VSIX files are used for extensions in Visual Studio Code, a popular code editor. Developers can be targeted through these extensions, potentially compromising their development environment and projects.
A deceptive “Zoom” extension for VS Code was found to be stealing user data:
5c89ba9e1bbb7ef869e4553081a40cabbd91a70506d759fd4e97eefb0434c074
The extension attempts to access sensitive user data by reading browser cookies from a known local SQLite database file. It also includes functionality to make external network requests to an unusual domain, which could be used to exfiltrate the collected sensitive data. This combination of local data collection and external communication is an indicator of malicious intent, specifically information theft.
XPI (Firefox Extensions)
XPI files are used for Firefox browser add-ons. Similar to Chrome extensions, they can be used to distribute malware.
A “Mass Tiktok Video Downloader” extension was found to be a phishing and data exfiltration tool:
2c0c8bd05a4942b389feaeb02c372b6443efac9d0931e0bdc602474178b54e7f
It presents a fake Facebook password confirmation popup to phish user credentials. Concurrently, its background script actively collects all browser cookies. All collected data, including the phished passwords, are exfiltrated to a Telegram bot API endpoint.
WHL (Python Wheel)
WHL files are a standard for distributing Python packages. The threats in these examples are not limited to intentionally malicious code; they also include packages with critical vulnerabilities or insecure coding patterns that can be exploited in supply chain attacks.
An “hh-applicant-tool” designed to interact with an API was found to have a suspicious telemetry feature:
1a168e47cb2d81f54fe504e66e353251a772164959ec71517d2070bf96fee957
It collects data, including vacancy details, employer information, and Google Docs links found in messages, and sends it to a custom server. This communication explicitly disables SSL certificate verification (verify=False), making the data transfer vulnerable to Man-in-the-Middle attacks.
In another instance, a package named “ncatbot” contained a critical security vulnerability:
f2714f6b87689c4d631a587813d14c4e463be7251bf16ff383ad2b7940ca7a4d
A critical security vulnerability exists in the Linux installation process, which executes a remote script with root privileges using curl | sudo bash. This allows for arbitrary code execution and system compromise if the remote script is malicious or its source is compromised.
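The two wheel findings above (a telemetry call that disables certificate verification with `verify=False`, and an installer that pipes a remote script into `sudo bash`) are both patterns a reviewer can catch statically before a package is ever installed. The following scanner is an added example written for this post, not Code Insight's own code or code from either package: it parses Python source with the standard `ast` module and flags HTTP calls carrying `verify=False`, uses of `ssl._create_unverified_context()`, and shell-invoking calls whose command string pipes `curl`/`wget` output into a shell. The sample source it runs over is constructed for the example and mimics both patterns; the hostname in it is a placeholder.

```python
import ast
import re
from typing import Iterator, List, Tuple

# Shell pipelines that feed a downloaded script straight into a shell. Group 2 tells
# us whether that shell runs under sudo. Constructed regex for this example.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba)?sh\b")

# Leaf names of calls that hand a string to a shell (os.system, subprocess.run, ...).
SHELL_CALLS = {"system", "popen", "run", "call", "check_call", "check_output", "Popen"}


def _dotted_name(node: ast.AST):
    """Return 'requests.post' for the callee of requests.post(...), or None when the
    callee is not a plain dotted name (e.g. the result of another call)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _string_literals(node: ast.AST) -> Iterator[str]:
    """Yield every string reachable from a call, flattening f-strings so that
    f"curl {url} | sudo bash" is seen as one string with a {...} placeholder."""
    for sub in ast.walk(node):
        if isinstance(sub, ast.JoinedStr):
            yield "".join(
                v.value if isinstance(v, ast.Constant) else "{...}" for v in sub.values
            )
        elif isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            yield sub.value


def scan_source(source: str, filename: str = "<wheel>") -> List[Tuple[int, str]]:
    """Return (line number, message) findings for the three risky patterns."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        leaf = name.rsplit(".", 1)[-1]
        # 1. TLS verification switched off on a requests-style call.
        for kw in node.keywords:
            if kw.arg == "verify" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                findings.append((node.lineno, f"{name}(): TLS verification disabled (verify=False)"))
        # 2. An SSL context that skips certificate checks entirely.
        if name.endswith("_create_unverified_context"):
            findings.append((node.lineno, f"{name}(): unverified SSL context"))
        # 3. A shell invocation whose command pipes a download into (sudo) sh/bash.
        if leaf in SHELL_CALLS:
            for text in _string_literals(node):
                match = PIPE_TO_SHELL.search(text)
                if match:
                    shell = "root shell" if match.group(2) else "shell"
                    findings.append((node.lineno, f"{name}(): remote script piped into {shell}: {text.strip()!r}"))
    # ast.walk is breadth-first; report in source order without duplicates.
    return sorted(set(findings))


# Constructed sample resembling the two patterns described in the post.
SAMPLE_SETUP_PY = '''
import os, ssl, requests, subprocess

def telemetry(payload):
    requests.post("https://telemetry.example.invalid/v1", json=payload, verify=False)

def install_linux(url):
    subprocess.run(f"curl -fsSL {url} | sudo bash", shell=True, check=True)

def fetch(url):
    ctx = ssl._create_unverified_context()
    return ctx
'''

if __name__ == "__main__":
    for lineno, message in scan_source(SAMPLE_SETUP_PY, "setup.py"):
        print(f"setup.py:{lineno}: {message}")
```

The scanner only resolves direct dotted callees, so `requests.Session().get(..., verify=False)` is not attributed to `requests`; extending `_dotted_name` to follow call chains, or simply reporting any `verify=False` keyword regardless of callee, closes that gap at the cost of a few more false positives.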
NPM (Node Package Manager)
NPM is the default package manager for Node.js and is central to the JavaScript ecosystem.
Malicious NPM packages are a constant threat to developers and applications.
A package named “serverless-shop-functions” presented as a benign e-commerce application but contained two malicious Python scripts:
8f7a061901c935493e17f3f897a2b98b5ab21350593fda10a6936a84db5b28b7
Backdoor.Python.PolymorphNecro.h is identified as a polymorphic IRC botnet client. Its capabilities include network sniffing, ARP poisoning and various DDoS attack methods. Main.py is a Discord-controlled Remote Access Trojan (RAT) with extensive capabilities, including establishing persistence, executing arbitrary PowerShell commands, and capturing and exfiltrating screenshots and webcam photos.
PyPI (Python Package Index)
PyPI is the official third-party software repository for Python. It’s a common target for attackers looking to distribute malicious packages. However, the threat also comes from packages that, while not intentionally malicious, contain critical vulnerabilities in their design.
A package named python-mcp-client was found to have severe vulnerabilities allowing for remote code execution:
83c4c8d38e3eea555666e26ed85953b7479d46d9b4d2c12c521ae5f505b343d2
The package exposes severe vulnerabilities that allow for remote code execution (RCE) and arbitrary file system operations. The flask_app.py component allows users to dynamically add new MCP servers via the /api/add_server endpoint. This endpoint directly accepts user-provided command and args parameters, enabling an attacker to execute arbitrary shell commands on the host system.
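The add-server flaw above is a design problem rather than a bug in one line: a client that may choose the executable and its arguments can run anything the service can. The code below is an added example for this post and is not the package's own code; it contrasts the pattern the analysis describes (request fields joined into a shell line) with a hardened handler in which the client only names a server from a fixed allowlist, arguments are validated, and the process is started from an argv list with no shell involved. It is framework-agnostic so it runs without Flask; the server names, paths and limits are constructed for the example.

```python
import subprocess
from typing import Callable, List, Mapping, Optional, Sequence

# Allowlist of launchable MCP servers: user-facing name -> fixed argv prefix.
# The client never supplies an executable, only one of these names.
# Names and paths are constructed for this example.
ALLOWED_SERVERS: Mapping[str, Sequence[str]] = {
    "filesystem": ("/usr/local/bin/mcp-server-filesystem",),
    "git": ("/usr/local/bin/mcp-server-git",),
}
MAX_ARGS = 8
MAX_ARG_LEN = 256


class InvalidServerSpec(ValueError):
    """Raised when a request body does not describe an allowed server."""


def add_server_vulnerable(payload: Mapping) -> subprocess.Popen:
    """The pattern the analysis describes: 'command' and 'args' from the request
    body are joined into one shell line and executed, so the request body *is* a
    shell command. Shown for contrast only; nothing in this file calls it."""
    line = payload["command"] + " " + " ".join(payload.get("args", []))
    return subprocess.Popen(line, shell=True)


def validate_server_spec(payload: Mapping, allowlist=ALLOWED_SERVERS) -> List[str]:
    """Map a request body to a fixed argv list, or raise InvalidServerSpec."""
    name = payload.get("server")
    if not isinstance(name, str) or name not in allowlist:
        raise InvalidServerSpec("server is not on the allowlist")
    args = payload.get("args", [])
    if not isinstance(args, list) or len(args) > MAX_ARGS:
        raise InvalidServerSpec("args must be a short list")
    for arg in args:
        if not isinstance(arg, str) or not arg or len(arg) > MAX_ARG_LEN:
            raise InvalidServerSpec("each arg must be a non-empty short string")
        if any(ch in arg for ch in "\x00\r\n"):
            raise InvalidServerSpec("control characters are not allowed in args")
        # Design choice for this example: clients pass operands (paths, repo names),
        # never options, so a leading '-' cannot flip a server flag.
        if arg.startswith("-"):
            raise InvalidServerSpec("option-style args are not accepted from clients")
    return list(allowlist[name]) + args


def add_server_hardened(
    payload: Mapping,
    allowlist=ALLOWED_SERVERS,
    launcher: Optional[Callable[[List[str]], object]] = None,
):
    """Validate, then launch from an argv list. With shell=False there is no shell
    to interpret ';', '|' or '$(...)' inside an argument: each element reaches the
    child process verbatim as one argv entry. 'launcher' is injectable for tests."""
    argv = validate_server_spec(payload, allowlist)
    launch = launcher or (lambda a: subprocess.Popen(a, shell=False))
    return launch(argv)


if __name__ == "__main__":
    # Constructed request: an argument that would be dangerous under a shell.
    request = {"server": "filesystem", "args": ["/srv/data; $(id)"]}
    print(validate_server_spec(request))
    # -> ['/usr/local/bin/mcp-server-filesystem', '/srv/data; $(id)']
```

The key property is that the executable comes from server-side configuration, not the request, and that the separation between arguments is decided by the argv list rather than by a shell parsing a string. Validation of the remaining free-form arguments (length, control characters, no leading dash) narrows what the allowed server itself can be made to do.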
By expanding Code Insight’s capabilities, we aim to provide the cybersecurity community with a tool to better understand and mitigate the evolving threats within the software supply chain. Stay tuned as we continue to enhance our platform to counter new attack vectors.