Sign In

Communications of the ACM

ACM TechNews

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets, Keys

View as: Print Mobile App Share:
Hooded hacker works on a computer.

Credit: Getty Images

Researchers have identified malicious Python packages designed to exfiltrate Amazon Web Services (AWS) credentials and environment variables to a publicly exposed endpoint. The packages found in the official third-party software repository include loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype's Ax Sharma. The packages and the endpoint have been taken down.

"Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma said.

From The Hacker News
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found