Security News > 2022 > May > Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys

Popular PyPI Package 'ctx' and PHP Library 'phpass' Hijacked to Steal AWS Keys
2022-05-25 19:35

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem.

One of the packages in question is "Ctx," a Python module available in the PyPi repository.

The other involves "Phpass," a PHP package that's been forked on GitHub to distribute a rogue update.

"In both cases the attacker appears to have taken over packages that have not been updated in a while," the SANS Internet Storm Center said, one of whose volunteer incident handlers, Yee Ching, analyzed the ctx package.

The malicious Python package, which was pushed to PyPi on May 21, 2022, has been removed from the repository, but the PHP library still continues to be available on GitHub.

"After gaining access to the account, the perpetrator could remove the old package and upload the new backdoored versions."


News URL

https://thehackernews.com/2022/05/pypi-package-ctx-and-php-library-phpass.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
PHP 21 25 312 220 84 641
Pypi 14 0 0 14 0 14