acm-header
Sign In

Communications of the ACM

Home/News/Multiple Backdoored Python Libraries Caught Stealing.../Full Text
ACM TechNews

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets, Keys

By The Hacker News
June 30, 2022
Comments
View as: Print Mobile App Share:
Hooded hacker works on a computer.

Credit: Getty Images

Researchers have identified malicious Python packages designed to exfiltrate Amazon Web Services (AWS) credentials and environment variables to a publicly exposed endpoint. The packages found in the official third-party software repository include loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype's Ax Sharma. The packages and the endpoint have been taken down.

"Some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job," Sharma said.

From The Hacker News
View Full Article

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account