- Joined
- Jan 27, 2022
- Messages
- 99
- Reaction score
- 20
Malicious Python packages stole users' Amazon Web Services credentials
Sonatype researchers discovered malicious code in multiple Python packages that uploaded users' Amazon Web Services (AWS) credentials and environment variables to a publicly exposed domain.
Sonatype's automated malware detection system initially discovered the malicious packages, after which the company's researchers reported them to the Python Package Index (PyPI) team.
Sonatype researchers discovered malicious code in multiple Python packages that uploaded users' Amazon Web Services (AWS) credentials and environment variables to a publicly exposed domain.
Sonatype's automated malware detection system initially discovered the malicious packages, after which the company's researchers reported them to the Python Package Index (PyPI) team.