Multi-Backdoored Python Libraries Found Stealing AWS Secrets and Keys

Share post:

Researchers have unraveled a series of malicious Python packages in the official third-party software repository that are engineered to draw out AWS credentials and environment variables onto a publicly exposed endpoint.

According to Sonatype security researcher Ax Sharma, some of the packages include loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils. Both the packages and the endpoints have now been taken down.

“Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job,” Sharma said.

The malicious code injected into “loglib-modules” and “pygrata-utils” enable the packages to obtain AWS credentials, network interface information, and environment variables and export them to a remote endpoint.

These endpoints hosting this information via hundreds of .TXT files were not secured by any authentication barrier, thus allowing any party on the web to obtain these credentials.

“Were the stolen credentials being intentionally exposed on the web or a consequence of poor OPSEC practices?Should this be some kind of legitimate security testing, there surely isn’t much information at this time to rule out the suspicious nature of this activity,” Sharma said. 

A Turkey-based security researcher, Yunus Aydın, has claimed responsibility for the unauthorized changes, stating he merely wanted to “show how this simple attack affects +10M users and companies.”

Incidentally, Code White, a German penetration testing company, claimed responsibility for uploading malicious packages to the NPM registry, attempting to realistically mimic dependency confusion attacks aimed at its customers in the country, most of whom are big media, logistics, and industrial firms.

For more information, read the original story in Thehackernews.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways