Friday 16 October 11:30 - 12:00, Green room
Jiho Kim & Minyeop Choi (S2W)
When a security researcher executes a proof-of-concept (PoC) for red-teaming or validation, it can become the source of infection, turning routine research activity into the starting point of compromise. Operation FalseProof is a supply chain attack campaign that operationalizes this scenario. As supply chain attacks targeting software registries such as PyPI and npm continue to rise, this campaign is particularly notable for precisely targeting the working habits of security researchers. In this presentation, we analyse the full attack flow and introduce an AI-based detection system for PyPI supply chain attacks.
The attackers cloned publicly available PoCs for high-profile vulnerabilities, including CVE-2025-14847, CVE-2025-55182 and CVE-2025-64446, and redistributed them via GitHub. While the code appears nearly identical to the original, malicious packages distributed on PyPI, slogsec and logcrypt were inserted as dependencies, forming a supply chain attack vector. By minimizing visible changes, such as slight modifications to comments and argument handling, the attackers ensured that researchers would unknowingly install the malicious packages during environment setup.
The core of this campaign lies in the abuse of Python's import mechanism. Because precompiled native extension modules (.pyd and .so) are loaded prior to source files (.py), the attackers ensured that malicious binaries were executed in place of legitimate code. In this study, we name the key malware components in the attack chain as SporeDrop, MeridianSpy and CoDawnloader. SporeDrop operates as a conditional dropper that decrypts payloads only when exploit.py is present, effectively targeting real-world research environments. It also incorporates custom hash-based API resolving, anti-debugging, and timestomping techniques to evade analysis. The final payload, MeridianSpy, abuses the legitimate service Mapbox Datasets API as a bidirectional command-and-control (C2) channel for data exfiltration and remote command execution. During additional threat hunting, we identified a related sample, CoDawnloader, which leverages coda.io as C2 infrastructure.
From an attribution perspective, we observed the use of the SM3 hashing algorithm, a Chinese national cryptographic standard, as well as similarities with strings previously identified in the UAT-6382 campaign. In this presentation we examine these indicators in detail, including potential links to development environments, technology stacks, code and infrastructure reuse, and the possibility of deliberate false flagging.
Finally, we extend our analysis to practical defence. We present an AI-based detection system for supply chain attacks on PyPI, designed based on characteristics identified during the campaign analysis. The system performs systematic threat scoring by analysing anomalies in package metadata, dependency structures, and native extensions, enabling the identification of malicious packages prior to installation.
|
Jiho Kim Jiho Kim is a Bachelor of Cyber Security from Ajou University in Korea. She graduated from the 'Next Generation of Top Security Leader Program' (Best of Best, BoB) at the Korea Information Technology Institute (KITRI) in 2021. Jiho works at S2W, analysing malware and hunting threat actors. She has experience in analysing malware such as ransomware and stealers and she is also interested in APTs.
|
|
|
Minyeop Choi Minyeop Choi is security researcher specializing in binary analysis. Since 2023 he has been working as a malware analyst at S2W. His core interests are binary analysis, low-level system behaviour, and computer architecture. He is also interested in game-related problems, and has published research at top venues. Outside of research, he participates in CTF competitions. |
Back to VB2026 conference page
Register your interest for VB2026