Researchers have identified malicious Python packages designed to exfiltrate Amazon Web Services (AWS) credentials and environment variables to a publicly exposed endpoint. The packages found in the official third-party software repository include loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype's Ax Sharma. The packages and the endpoint have been taken down.
"Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma said.
From The Hacker News
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found