Security News > 2023 > August > Microsoft PowerShell Gallery vulnerable to spoofing, supply chain attacks
Lax policies for package naming on Microsoft's PowerShell Gallery code repository allow threat actors to perform typosquatting attacks, spoof popular packages and potentially lay the ground for massive supply chain attacks.
PowerShell Gallery is a Microsoft-run online repository of packages uploaded by the wider PowerShell community, hosting a large number of scripts and cmdlet modules for various purposes.
AquaSec's Nautilus team discovered that users can submit to the PS Gallery packages with very similar names to existing repositories, so-called 'typosquatting' when cybercriminals leverage it for malicious purposes.
PS Gallery hides by default the more reliable 'Owner' field under 'Package Details', which shows the publisher account that uploaded the package.
AquaSec reported all flaws to Microsoft on September 27, 2022, and were able to replicate them on December 26, 2022, despite Microsoft stating in early November that they had fixed the issues.
On January 15, 2023, Microsoft stated that a short-term solution was implemented until its engineers developed a fix for the name typosquatting and package details spoofing.
News URL
Related news
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks (source)
- Magento supply chain attack compromises hundreds of e-stores (source)