Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys


A number of malicious Python packages that are designed to leak AWS credentials and environment variables to a publicly accessible endpoint have been found by researchers in the official third-party software repository.

According to Sonatype security researcher Ax Sharma, the list of packages also includes hkg-sol-utils, pygrata, pygrata-utils, loglib-modules, and pyg-modules. Now that the endpoint and the packages have been removed. Read More…