Python libraries containing malicious code collect and upload users' Amazon Web Services credentials

Rual dV

Active Member
Staff member
Company Rep
Joined
Jan 27, 2022
Messages
99
Reaction score
20
Malicious Python packages stole users' Amazon Web Services credentials

Sonatype researchers discovered malicious code in multiple Python packages that uploaded users' Amazon Web Services (AWS) credentials and environment variables to a publicly exposed domain.

Sonatype's automated malware detection system initially discovered the malicious packages, after which the company's researchers reported them to the Python Package Index (PyPI) team.
 
Top
Sign up to the MyBroadband newsletter