
Cybersecurity researchers have recently uncovered a malicious campaign targeting users of the Python Package Index (PyPI). This campaign involves fake libraries that appear to be related to time management, but they are actually designed to siphon off sensitive information such as cloud access tokens.

The security firm ReversingLabs reported finding two sets of these malicious packages, totaling 20 different entries, which have collectively been downloaded over 14,100 times. Notable packages include:

  • snapshot-photo (2,448 downloads)
  • time-check-server (316 downloads)
  • acloud-client (5,496 downloads)
  • enumer-iam (1,254 downloads)

The first set of packages is geared toward uploading data to the threat actor’s infrastructure, while the second set implements cloud client functionality for platforms like Alibaba Cloud, Amazon Web Services, and Tencent Cloud. Specifically, the identified packages are engineered to extract cloud secrets from users.

ReversingLabs confirmed that all the malicious packages have been removed from PyPI as of now. Further investigation revealed that three of these packages, acloud-client, enumer-iam, and tcloud-python-test, were listed as dependencies in a popular GitHub project called accesskey_tools, which has garnered significant attention with 42 forks and 519 stars.

Interestingly, the source code of the tcloud-python-test package was last updated on November 8, 2023, indicating that it has been available for download on PyPI since that time.

This finding aligns with another report from Fortinet FortiGuard Labs, which identified thousands of suspicious packages across both PyPI and npm. Many of these packages contain potentially harmful installation scripts that execute malicious code during the installation process or connect to external servers.

According to Fortinet, identifying suspicious URLs linked to these packages is crucial, as they may lead to data breaches, further malware distribution, and other adverse actions. Monitoring these external connections in package dependencies is essential to mitigate exploitation risks.
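As an added example (not code from ReversingLabs, Fortinet or the original article), the following Python script checks a requirements file and the current environment for the package names listed above, using PyPI name normalization so that spelling variants such as Acloud_Client are still caught. It covers only the five names this article gives; the sample requirements text and its version numbers are constructed, and acloud-client-helper is a hypothetical unrelated name used to show that longer names sharing a prefix are not flagged.

```python
import re
from importlib import metadata

# Package names taken from the article above (the five it names, not all 20).
REPORTED = {"snapshot-photo", "time-check-server", "acloud-client",
            "enumer-iam", "tcloud-python-test"}

def normalize(name):
    """PEP 503: case-insensitive; runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

# A requirement line begins with the project name; extras, version
# specifiers, URLs and environment markers follow it.
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def flag_requirements(text, blocklist=REPORTED):
    """Return (line_number, raw_line, normalized_name) per reported package."""
    blocked = {normalize(n) for n in blocklist}
    hits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()        # drop trailing comment
        if not line or line.startswith(("#", "-")):  # comment or pip option
            continue
        m = _NAME.match(line)
        if m and normalize(m.group(1)) in blocked:
            hits.append((lineno, raw.strip(), normalize(m.group(1))))
    return hits

def flag_installed(blocklist=REPORTED):
    """Return reported packages present in the running Python environment."""
    blocked = {normalize(n) for n in blocklist}
    names = (d.metadata["Name"] for d in metadata.distributions())
    return sorted({normalize(n) for n in names if n and normalize(n) in blocked})

# Constructed sample input; versions and the "-helper" name are illustrative.
SAMPLE = """\
# constructed requirements file
requests>=2.31
Acloud_Client==0.1.0
enumer.iam[all] ; python_version >= "3.8"
acloud-client-helper==1.0   # different project, must not match
-r base.txt
tcloud-python-test  # unpinned
"""

if __name__ == "__main__":
    for lineno, raw, name in flag_requirements(SAMPLE):
        print(f"line {lineno}: {raw!r} -> reported package {name}")
    print("installed:", flag_installed() or "none of the reported packages")
```

Because the packages have been removed from PyPI, a hit in an existing environment or lock file means the package was installed while it was still available.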

