Check Point researchers have discovered ten malicious Python Package Index (PyPI) packages that deploy info-stealers to exfiltrate personal credentials and private data from software developers, The Hacker News reports.
Among the identified credential-stealing libraries, all of which have since been removed from PyPI, are Ascii2text, which downloads a script that collects browser-stored passwords, and Browserdiv, which gathers credentials and other data kept in the browser's Local Storage folder, Check Point researchers noted. AWS credentials could be exfiltrated by the PyProto2, Pyg-utils, and Pymocks libraries, while the Zlibscr and Test-async libraries download and execute malicious code during installation. User credentials and environment variables could also be stolen by the WINRPCexploit, Free-net-vpn, and Free-net-vpn2 libraries. The report noted that such PyPI libraries could be leveraged in supply chain attacks.
"Supply chain attacks are designed to exploit trust relationships between an organization and external parties... Cyber threat actors will compromise one organization and then move up the supply chain, taking advantage of these trusted relationships to gain access to other organizations' environments," said researchers.
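The install-time behaviour described above (code that runs during `pip install` and reads environment variables or fetches further payloads) can be checked for before a package is installed. The following is an added example, not Check Point's code and not code from any of the packages named, that statically scans a setup.py with Python's `ast` module for custom install command classes, environment-variable access, process execution and network calls, and credential-related strings; the sample setup.py it scans is constructed for illustration.

```python
import ast
from typing import List

# Names whose use inside setup.py suggests install-time code execution, network
# activity, or credential access (a heuristic for triage, not a definitive verdict).
SUSPICIOUS_CALLS = {"urlopen", "Popen", "run", "system", "exec", "eval"}
SUSPICIOUS_ATTRS = {"environ", "getenv"}
CREDENTIAL_STRINGS = (".aws/credentials", "Local Storage", "AWS_SECRET_ACCESS_KEY")
INSTALL_HOOKS = {"install", "develop", "egg_info"}


def scan_setup_py(source: str) -> List[str]:
    """Return findings (one string each) for the given setup.py source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef):
            # A class deriving from setuptools' install/develop/egg_info commands
            # (wired in via cmdclass=) runs arbitrary code when pip installs the package.
            for base in node.bases:
                name = base.attr if isinstance(base, ast.Attribute) else getattr(base, "id", "")
                if name in INSTALL_HOOKS:
                    findings.append(f"line {node.lineno}: custom '{name}' command class")
        elif isinstance(node, ast.Call):
            func = node.func
            name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if name in SUSPICIOUS_CALLS:
                findings.append(f"line {node.lineno}: call to {name}()")
        elif isinstance(node, ast.Attribute) and node.attr in SUSPICIOUS_ATTRS:
            findings.append(f"line {node.lineno}: access to os.{node.attr}")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(s in node.value for s in CREDENTIAL_STRINGS):
                findings.append(f"line {node.lineno}: credential-related string {node.value!r}")
    return findings


# Constructed sample setup.py (not any real package) showing the install-hook pattern.
SAMPLE_SETUP_PY = '''
import os
from setuptools import setup
from setuptools.command.install import install
class PostInstall(install):
    def run(self):
        install.run(self)
        env = dict(os.environ)
        from urllib.request import urlopen
        urlopen("http://example.invalid/")
setup(name="demo-pkg", version="0.1", cmdclass={"install": PostInstall})
'''
```

Run `scan_setup_py` over the extracted sdist of a package before installing it; an empty result means none of the heuristics fired, not that the package is safe.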
Developer credentials targeted by malicious PyPI packages