GitLab Continuous Integration pipelines are being targeted in a new software supply chain attack dubbed CrateDepression, which involves malware deployment, reports SecurityWeek.
SentinelLabs researchers have discovered that the threat actors behind CrateDepression leveraged both typosquatting and the spoofing of a Rust developer to promote a malicious crate within the Rust ecosystem.
Although the malicious crate was promptly removed, its second-stage payload, aimed at GitLab CI pipelines, has opened the way to more widespread supply-chain attacks. The technical report also showed that the second-stage payload could capture screenshots and keystrokes, and could upload and download files.
"While the ultimate intent of the attacker(s) is unknown, the intended targeting could lead to subsequent larger scale supply-chain attacks depending on the GitLab CI pipelines infected... Software supply-chain attacks have gone from a rare occurrence to a highly desirable approach for attackers to 'fish with dynamite' in an attempt to infect entire user populations at once," said SentinelLabs.