Sonatype researchers have found malicious Python packages that post your AWS credentials and user characteristics to a publicly accessible endpoint rather than just exploiting sensitive data. Some malicious packages with the Sonatypes are as follows:
- loglib-modules — seems targeted at coders who are familiar with the authentic “loglib library.”
- pyg-modules — seems aimed at coders who are familiar with the basic “pyg” library.
- Pygrata:Unknown target, pygrata-utils contains identically noxious code to that found in “loglib-modules.”
- hkg-sol-utils: Unknown goal
The anti-ransomware detection technology provided by Sonatype as part of Nexus platform products, such as Nexus Firewall, found these packages. Researchers found these packages to be harmful after further analysis, thus, out of precaution, they reported this to the PyPI security team, so these packages were withdrawn. “This kind of package either has code that reads and phishes your secrets or employs a dependency that does it”, according to an analysis by Sonatype security researchers Jorge Cardona and Carlos Fernández.
For instance, the malicious software in the packages “loglib-mo
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article. 
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: