GHSA-g86j-hwg9-77q5: 
Python vulnerability analysis and mitigation

In December 2022, malicious actors uploaded counterfeit SentinelOne software development kits (SDKs) to the Python Package Index (PyPI). The packages, identified as GHSA-g86j-hwg9-77q5, affected multiple versions including SentinelOne (>= 1.0.0, <= 1.2.1), Sentinelone (1.0.0), SentineloneSDK (1.0.0), and sentinelone-sdk (>= 6.2.1, <= 6.2.2). The malicious packages were first uploaded on December 11, 2022, and received multiple updates until December 13, 2022 (GitHub Advisory, ReversingLabs Blog).

The malicious packages contained fully functional SentinelOne client code but were modified to include backdoor functionality in two api.py files. The malicious code was designed to collect sensitive information from development environments, including shell command execution history, SSH keys, and configuration information related to git, kubernetes, and AWS services. The backdoor functionality was not executed during installation but waited to be called programmatically, likely as an evasion technique. The packages evolved over time, with later versions adapting to different operating systems and expanding data stealing capabilities (ReversingLabs Blog).

The malicious packages were downloaded more than 1,000 times, potentially compromising development environments and exposing sensitive information including SSH keys, AWS credentials, and other development-related secrets. The campaign, dubbed 'SentinelSneak,' specifically targeted data characteristic of development environments (ReversingLabs Blog).

The malicious packages have been removed from PyPI following notification to the PyPI security team on December 15, 2022, and to SentinelOne on December 16, 2022. Organizations are advised to verify the authenticity of packages and their publishers, especially when dealing with security-related SDKs (ReversingLabs Blog).