Security News > 2022 > May > Popular Python and PHP libraries hijacked to steal AWS keys

Popular Python and PHP libraries hijacked to steal AWS keys
2022-05-24 11:42

The threat actor even replaced the older, safe versions of 'ctx' with code that exfiltrates the developer's environment variables, to collect secrets like Amazon AWS keys and credentials.

Versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets in a similar fashion.

Python library 'ctx' uploads secrets to a Heroku endpoint.

'ctx' is a minimal Python module that lets developers manipulate their dictionary objects in a variety of ways.

PHP package 'phpass' altered to steal AWS credentials.

In an identical attack, the fork of an immensely popular Composer/PHP package, 'hautelook/phpass' was compromised with malicious versions published to the Packagist repository.


News URL

https://www.bleepingcomputer.com/news/security/popular-python-and-php-libraries-hijacked-to-steal-aws-keys/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
PHP 9 1 43 115 124 283
Python 24 2 52 74 31 159