More than 14,100 users have been compromised with malicious Python Package Index (PyPI) packages that sought to pilfer cloud access tokens and other sensitive data before being removed from the repository, reports The Hacker News.
More than one-quarter of the bogus packages were purporting to be time-related utilities leveraged for data exfiltration to attackers' infrastructure, while most of the remaining packages were for cloud services' adoption of cloud client functionalities, according to a ReversingLabs analysis.
Further examination of the nefarious packages revealed three to be dependencies of the widely-used accesskey_tools project on GitHub. Such findings come after thousands of PyPI and npm packages were reported by Fortinet FortiGuard Labs to have been used to facilitate malicious code injections.
"Suspicious URLs are a key indicator of potentially malicious packages, as they are often used to download additional payloads or establish communication with command-and-control (C2) servers, giving attackers control over infected systems," said Jenna Wang, a researcher at FortiGuard Labs.
