top of page


  • Marijan Hassan - Tech Journalist

Malicious PyPI module found posing as a SentinelOne SDK

Threat researchers at ReversingLabs have flagged down a malicious python package that had been disguised as legitimate software from cybersecurity firm SentinelOne. This was after the researchers noticed suspicious behaviour from two files including code that stole data and sent it to an unknown IP address.

Python Package Index (PyPI) is an open source software repository for python and the incident represents a growing trend of cyber criminals targeting software repositories to spread malware. In November cybersecurity firm Phylum issued a warning for another data-stealing malware dubbed W4SP that was being spread using PyPI packages. Early this month, the firm issued another warning noting that it had discovered 47 more packages containing W4SP.

The malicious package discovered by ReversingLabs was uploaded to PyPI on December 11 and had been updated 20 times before it was discovered. It has since been taken down although it’s not clear if it was used in an active attack.

The corrupted SentinelOne package was advertised as a simpler way to access and consume SentinelOne’s APIs but once activated would be used to steal information such as SSH keys, credentials, configuration and host files, and configuration information from Amazon Web Services and Kubernetes.

To avoid detection, the malicious package does not execute during installation. Instead, it remains dormant until it is activated by a Command and Control (C2) system.

ReversingLabs has dubbed the campaign “SentinelSneak” and says that it should be a wake up call for development organisations that supply chain attacks will continue to be a menace.

"Though small in scope, this campaign is a reminder to development organisations of the persistence of software supply chain threats," ReversingLabs threat researcher Karlo Zanki wrote in a report. "As with prior malicious open source supply chain campaigns, this one attempts to exploit confusion on the part of developers to push malicious code into development pipelines."

Zanki says that in this case, the miscreants were banking on SentinelOne’s strong brand recognition and reputation to successfully launch their data exfiltration campaign.

Ruby, npm, GitHub, and NuGet are some other package repositories that cybercriminals leverage to try and spread malicious components. About 7,000 malicious uploads happened on npm JavaScript this year.


To conclude his report, Zanki acknowledged that development organisations will need to take steps such as employee training and awareness so that their developers don’t fall for these impersonation attacks.

He also emphasized on the need to properly scan any open-source or proprietary code to ensure that it’s not embedded with any malicious components that modify systems without authorization or communicate with unknown infrastructure.


bottom of page