Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages

About The Author

go2damax

See author's posts

Popular Stories Right now

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Why Retail and E-commerce Organizations Trust Security Researchers During the Holiday Shopping Season