GMS-2022-8929: SentinelOne impersonated via PyPI packages

December 27, 2022

In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) onto PyPI. The SDKs contain fully functional SentinelOne clients, but the packages also contained malicious backdoors that are only executed when called on programmatically, as opposed to during installation. The packages have since been taken down from PyPI.

References

github.com/advisories/GHSA-g86j-hwg9-77q5
pypi.org/project/SentinelOne/
www.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk

Code Behaviors & Features

Detect and mitigate GMS-2022-8929 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →