Multiple malicious packages in PyPI repository found stealing AWS secrets

Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]

The post Multiple malicious packages in PyPI repository found stealing AWS secrets appeared first on Security Affairs.

This article has been indexed from Security Affairs

Read the original article:

Liked it? Take a second to support IT Security News on Patreon!
Become a patron at Patreon!