Friday, August 19, 2022

PyPI module gets compromised to steal AWS keys and credentials

In a software supply chain attack, compromised versions of the ‘ctx’ PyPI package exfiltrate environment variables.

Several malicious Python packages available on the PyPI repository were discovered stealing confidential data, including AWS keys and credentials, and sending it to publicly accessible destinations.

PyPI is an open-source repository of Python packages that developers use for their Python-based projects. The widely used PyPI package “ctx” was recently compromised, and the affected versions leak your environment variables to an external server. “Ctx” is a simple Python package that makes it easier for programmers to work with “dictionary” (“dict”) objects.

Companies like Sonatype specialize in software supply-chain security and employ automated malware detection methods to find such packages. Sonatype identified several more packages as malicious. These include:

  • loglib-modules
  • pyg-modules
  • pygrata
  • hkg-sol-utils
  • Pygrata-utils

J. Cardona and C. Fernandez, Sonatype analysts, found that ‘loglib-modules’ and ‘pygrata-utils’ were used to harvest and exfiltrate AWS credentials and other sensitive information.


The two analysts contacted the domain owners to alert them to the public exposure and to give them a chance to explain, in case the analysts were missing something. The endpoint was quickly made inaccessible to the public without any other response, which likely indicates illegitimacy.

PyPI often responds quickly to reports of harmful packages on the platform, but because there is no vetting before a package is published, risky packages may remain available for some time. It’s interesting to note that “pygrata” itself contains no data-stealing functionality and instead pulls it in by requiring “pygrata-utils” as a dependency. Because of this, even though four malicious packages were swiftly detected and deleted from PyPI, “pygrata” stayed there for a longer period, even though it does little on its own.

Software developers are advised to examine package descriptions, upload dates, and release histories in addition to package names. These factors help tell whether a Python package is authentic or a risky imitation.


Disha Chopra
Disha Chopra is a content enthusiast! She is an Economics graduate pursuing her PG in the same field along with Data Sciences. Disha enjoys the ever-demanding world of content and the flexibility that comes with it. She can be found listening to music or simply asleep when not working!
