Security researchers have uncovered a sophisticated attack vector that allows threat actors to exploit serverless computing services offered by Google Cloud Platform (GCP) to execute malicious commands.
The vulnerability, dubbed “function confusion,” enables attackers to leverage package installation scripts within cloud functions to gather sensitive system information, establish persistence, and potentially escalate privileges within cloud environments.
This attack method poses a significant risk as it bypasses traditional security controls while operating within legitimate cloud infrastructure.
The attack capitalizes on the automated package installation procedures that occur when cloud functions are deployed or updated.
By crafting specially designed Node.js packages with malicious code embedded in installation scripts, attackers can trigger the execution of arbitrary commands that extract system information and exfiltrate data to remote servers.
The exploitation technique affects not only Google Cloud Platform but extends to other major cloud providers including AWS Lambda and Azure Functions, demonstrating the widespread applicability of this attack method.
Cisco Talos researchers identified this emerging threat through detailed analysis of command patterns and exfiltration techniques.
Their investigation revealed that attackers utilize this method to perform reconnaissance by gathering operating system details, user information, network configurations, and other sensitive data from compromised cloud environments – all while remaining largely undetected by conventional security monitoring systems.
The attack leverages a deceptively simple but effective technique: embedding malicious commands in the “preinstall” script section of a package.json file.
When cloud functions install or update dependencies, these commands execute automatically with the privileges of the cloud function’s service account.
One observed example shows attackers using a package named “myconfusedfunctionpoctestpackage” with versions ranging from 1.1.7 to 1.4.2 to execute various system commands.
Malicious Package Installation Mechanism
At the core of this attack is the manipulation of Node.js package configuration files.
The researchers documented numerous variations of malicious package.json files, each designed to extract different types of system information.
The documented configuration shows how attackers use the “preinstall” script to read the contents of sensitive system files (in this case, /etc/passwd, which contains user account information) and transmit the data to an attacker-controlled server through an encoded HTTP POST request.
The researchers observed multiple variations targeting different system files and configurations, including /etc/os-release to identify the operating system, network interface configurations via “ip addr show”, and routing tables through “ip route” commands.
What makes this attack particularly concerning is its ability to operate across multiple cloud environments.
The researchers confirmed similar techniques functioning in AWS Lambda and Azure Functions, proving that this isn’t an isolated vulnerability but rather a fundamental weakness in how cloud function deployment processes handle package installation scripts.
Server logs show successful exfiltration of sensitive data from various Linux distributions including Ubuntu, Debian, and CentOS running in these cloud environments.
As organizations increasingly migrate to serverless architectures, this attack vector represents an evolving threat that security teams must address through enhanced monitoring of package installations, restrictions on external network connections during function deployment, and careful scrutiny of third-party dependencies incorporated into cloud functions.