AWS keys stolen by malicious PyPI package with thousands of downloads

You May Be Interested In:ChatGPT is going to be less constrained on sensitive topics, according to OpenAI




  • Researchers discover three-year old malicious package in PyPI
  • The package is a typosquatted version of Fabric, with 37,000 downloads
  • Its goal is to steal AWS login credentials from the developers

A malicious Python package has been hiding in the Python Package Index (PyPI) for years, stealthily stealing people’s Amazon Web Service (AWS) credentials.

Cybersecurity researchers Socket outlined how a package called “fabrice” was uploaded to the repository back in 2021 – before PyPl deployed its advanced scanning tool.

share Paylaş facebook pinterest whatsapp x print

Similar Content

Global Gazette | © 2024 | News