Security News > 2024 > July > Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
2024-07-27 05:47

Cybersecurity researchers have discovered a malicious package on the Python Package Index repository that targets Apple macOS systems with the goal of stealing users' Google Cloud credentials from a narrow pool of victims.

The package, named "Lr-utils-lib," attracted a total of 59 downloads before it was taken down.

"The malware uses a list of predefined hashes to target specific macOS machines and attempts to harvest Google Cloud authentication data," Checkmarx researcher Yehuda Gelb said in a Friday report.

An important aspect of the package is that it first checks if it has been installed on a macOS system, and only then proceeds to compare the system's Universally Unique Identifier against a hard-coded list of 64 hashes.

It comes more than two months after cybersecurity firm Phylum disclosed details of another supply chain attack involving a Python package called "Requests-darwin-lite" that was also found to unleash its malicious actions after checking the UUID of the macOS host.

These campaigns are a sign that threat actors have prior knowledge of the macOS systems they want to infiltrate and are going to great lengths to ensure that the malicious packages are distributed only to those particular machines.


News URL

https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Pypi 15 0 0 1 15 16