Bogus packages claimed to be time-related utilities leveraged for data exfiltration to attackers' infrastructure.
Malicious Python Package Index packages have infected more than 14,000 users.
According to analysis by Reversing Labs, and reported by The Hacker News, the packages sought to steal cloud access tokens and other sensitive data before being removed from the repository.
The analysis found that more than a quarter of the bogus packages were purporting to be time-related utilities leveraged for data exfiltration to attackers' infrastructure, while most of the remaining packages were for cloud services' adoption of cloud client functionalities.
Further examination of the nefarious packages revealed three to be dependencies of the widely used accesskey_tools project on GitHub.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
