• About
  • Privacy Policy
  • Contact
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News
No Result
View All Result
Tech Newsday
No Result
View All Result
Home Distribution

Multi-Backdoored Python Libraries Found Stealing AWS Secrets and Keys

TND Newsdesk by TND Newsdesk
June 27, 2022
in Distribution, Engineering, Operations, Security
0 0
0

Researchers have unraveled a series of malicious Python packages in the official third-party software repository that are engineered to draw out AWS credentials and environment variables onto a publicly exposed endpoint.

According to Sonatype security researcher Ax Sharma, some of the packages include loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils. Both the packages and the endpoints have now been taken down.

“Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job,” Sharma said.

The malicious code injected into “loglib-modules” and “pygrata-utils” enable the packages to obtain AWS credentials, network interface information, and environment variables and export them to a remote endpoint.

These endpoints hosting this information via hundreds of .TXT files were not secured by any authentication barrier, thus allowing any party on the web to obtain these credentials.

“Were the stolen credentials being intentionally exposed on the web or a consequence of poor OPSEC practices?Should this be some kind of legitimate security testing, there surely isn’t much information at this time to rule out the suspicious nature of this activity,” Sharma said. 

A Turkey-based security researcher, Yunus Aydın, has claimed responsibility for the unauthorized changes, stating he merely wanted to “show how this simple attack affects +10M users and companies.”

Incidentally, Code White, a German penetration testing company, claimed responsibility for uploading malicious packages to the NPM registry, attempting to realistically mimic dependency confusion attacks aimed at its customers in the country, most of whom are big media, logistics, and industrial firms.

For more information, read the original story in Thehackernews.

Subscribe

About Tech News Day

In just 10 minutes you will have all your leadership tech news needs covered. Our Editors browse the top tech news sites for you, get rid of the fluff and post summaries of the best. Our content is created by trained professionals and enhanced for IT leaders using leading edge artificial intelligence.

About

Tech Newsday

Tech News Day picks the new, most relevant tech stories.

Our selection is done by industry professionals – executives like you who pick the top stories for that day. Our writers summarize these to give you a quick summary and the key takeaways.

SUBSCRIBE

Categories

  • Artificial Intelligence
  • Auto Tech
  • Blockchain
  • Careers & Education
  • Channel Strategy
  • Cloud
  • Communications & Telecom
  • Companies
  • Data & Ananytics
  • Development
  • Digital Transformation
  • Distribution
  • Diversity & Inclusion
  • eCommerce
  • Emerging Tech
  • End User Hardware
  • Engineering
  • Financial
  • Fintech
  • Future of Work
  • Governance
  • Government & Public Sector
  • Human Resources
  • Infrastructure
  • IoT
  • Leadership
  • Legal
  • Legislation & Regulation
  • Managed Services & Outsourcing
  • Marketing
  • Martech
  • Medical
  • Mobility
  • Not for Profit
  • Open Source
  • Operations
  • People
  • Podcasts
  • Privacy
  • Security
  • Service
  • Smart Home
  • SMB
  • Social Networks
  • Software
  • Supply Chain
  • Sustainability
  • Today's News
  • Top Stories This Week
  • Women in Tech
  • Home
  • Today’s News
  • About
  • Privacy
  • Contact

2022 Tech News Day

No Result
View All Result
  • Security
  • Future of Work
  • Mobility
  • Emerging Tech
  • Today’s News

2022 Tech News Day

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
-
00:00
00:00

Queue

Update Required Flash plugin
-
00:00
00:00