Security News > 2022 > June > PyPi packages caught sending stolen AWS keys to unsecured sites
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone.
PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.
While PyPI is usually quick to respond to reports of malicious packages on the platform, there's no real vetting before submission, so dangerous packages may lurk there for a while.
While the first two packages attempt to mimic legitimate and popular projects on PyPI to trick careless or inexperienced users to install them and the other three don't have apparent targeting, all five feature code similarities or connections.
Sonatype analysts J. Cardona and C. Fernandez figured that the packages 'loglib-modules' and 'pygrata-utils' were created for data exfiltration, snatching AWS credentials, network interface information, and environment variables.
Even if these packages were used for legitimate security testing and the operators behind them never intended to exploit the stolen details, their presence on PyPI might have exposed "Involuntary participants" to significant risk as their credentials were ultimately exposed.