Cloud Security, Supply chain

Google Cloud credentials in macOS targeted by malicious PyPI package

Share
People walk past a Google Cloud logo

Attacks leveraging the new malicious Python Package Index package dubbed "lr-utils-lib" have enabled the exfiltration of Google Cloud credentials from macOS systems, The Hacker News reports.

Such a package, which has been taken down after accumulating 59 downloads, initially verifies targeted systems to be macOS before checking the machines' Universally Unique Identifier and infiltrating files that have Google Cloud authentication details, which are then delivered to a remote server via HTTP, according to a Checkmarx report. Despite the identity of the actual threat actors remaining a mystery, researchers found that the package's owner matched a certain "Lucid Zenith" purporting to be the CEO of Apex Companies on LinkedIn, which may be indicative of social engineering used in the attack campaign. "While it is not clear whether this attack targeted individuals or enterprises, these kinds of attacks can significantly impact enterprises. While the initial compromise usually occurs on an individual developer's machine, the implications for enterprises can be substantial," said Checkmarx researcher Yehuda Gelb.

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.