Security News > 2024 > July > Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
Cybersecurity researchers have discovered a malicious package on the Python Package Index repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims.
The package, named "Lr-utils-lib," attracted a total of 59 downloads before it was taken down.
"The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data," Checkmarx researcher Yehuda Gelb said in a Friday report.
An important aspect of the package is that it first checks if it has been installed on a macOS system, and only then proceeds to compare the system's Universally Unique Identifier against a hard-coded list of 64 hashes.
It comes more than two months after cybersecurity firm Phylum disclosed details of another supply chain attack involving a Python package called "Requests-darwin-lite" that was also found to unleash its malicious actions after checking the UUID of the macOS host.
These campaigns are a sign that threat actors have prior knowledge of the macOS systems they want to infiltrate and are going to great lengths to ensure that the malicious packages are distributed only to those particular machines.
News URL
https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html
Related news
- Google Cloud Expands Confidential Computing Portfolio (source)
- Google Cloud to make MFA mandatory by the end of 2025 (source)
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- All Google Cloud users will have to enable MFA by 2025 (source)
- Google Cloud Cybersecurity Forecast 2025: AI, geopolitics, and cybercrime take centre stage (source)
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs (source)