Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

2022-06-26 22:58

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint.

The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma.

The packages and as well as the endpoint have now been taken down.

"Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma said.

Exactly a month back, two trojanized Python and PHP packages, named ctx and phpass, were uncovered in yet another instance of a software supply chain attack.

In a similar vein, a German penetration testing company named Code White owned up last month to uploading malicious packages to the NPM registry in a bid to realistically mimic dependency confusion attacks targeting its customers in the country, most of which are prominent media, logistics, and industrial firms.

News URL

https://thehackernews.com/2022/06/multiple-backdoored-python-libraries.html

#AWS #libraries #python

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Python		27	10	87	73	27	197