• Latest
  • Trending
PyPi python packages caught sending stolen AWS keys to unsecured sites

PyPi python packages caught sending stolen AWS keys to unsecured sites

June 27, 2022
Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023
Vice President Dr. Bawumia inaugurates  ICT Hub

Vice President Dr. Bawumia inaugurates ICT Hub

April 2, 2023
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Thursday, 16 July, 2026
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

PyPi python packages caught sending stolen AWS keys to unsecured sites

by ITECHNEWS
June 27, 2022
in Infosec, Leading Stories
0 0
0
PyPi python packages caught sending stolen AWS keys to unsecured sites

Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone.

PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.

YOU MAY ALSO LIKE

French Telco Orange Hit by Cyber-Attack

ATC Ghana supports Girls-In-ICT Program

While PyPI is usually quick to respond to reports of malicious packages on the platform, there’s no real vetting before submission, so dangerous packages may lurk there for a while.

Software supply-chain security companies like Sonatype use specialized automated malware detection tools to spot them, and in this case, they identified the following packages as malicious:

  • loglib-modules
  • pyg-modules
  • pygrata
  • pygrata-utils
  • hkg-sol-utils

While the first two packages attempt to mimic legitimate and popular projects on PyPI to trick careless or inexperienced users to install them and the other three don’t have apparent targeting, all five feature code similarities or connections.

Exposing stolen data

Sonatype analysts J. Cardona and C. Fernandez figured that the packages ‘loglib-modules’ and ‘pygrata-utils’ were created for data exfiltration, snatching AWS credentials, network interface information, and environment variables.

Code snippet pertaining to the data-stealing functionality
Code snippet pertaining to the data-stealing functionality (Sonatype)

Interestingly, ‘pygrata’ does not contain the data-stealing functionality by itself but requires ‘pygrata-utils’ as a dependency.

This is why, although four of the malicious packages have been reported and removed from PyPI immediately, ‘pygrata’ remained there for longer, albeit it couldn’t do much on its own.

The stolen data is stored in TXT files and uploaded to a PyGrata[.]com domain. However, the endpoint isn’t properly secured, so the analysts could peek into what the threat actors had stolen.

One of the TXT files containing stolen AWS credentials
One of the sampled TXT files containing stolen AWS credentials (Sonatype)

Acting ethically and on the presumption that they might be missing something, the two analysts contacted the domain owners to inform them of the public exposure and request explanations.

Soon after, the endpoint was secured from public access without Sonatype ever receiving an answer. This likely means that the purpose of these packages and the data hosting domain isn’t legitimate.

Even if these packages were used for legitimate security testing and the operators behind them never intended to exploit the stolen details, their presence on PyPI might have exposed “involuntary participants” to significant risk as their credentials were ultimately exposed.

PyPI security

Since these malicious packages aren’t using typosquatting tricks, they’re not randomly targeting developers who mistyped a character but users looking for specific tools for their projects.

Suspicious package with no description
Suspicious package with no project description (Sonatype)

Software developers are advised to go beyond package names and scrutinize release histories, upload dates, homepage links, package descriptions, and download numbers, all collectively helping determine if a Python package is the real deal or a dangerous fake.

Source: Bill Toulas
Via: bleepingcomputer
Tags: PyPi python packages caught sending stolen AWS keys to unsecured sites
ShareTweet

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025
ATC Ghana supports Girls-In-ICT Program

ATC Ghana supports Girls-In-ICT Program

April 25, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa

July 29, 2025
French Telco Orange Hit by Cyber-Attack

French Telco Orange Hit by Cyber-Attack

July 29, 2025

Recent News

  • Absa and Visa Extend Strategic Partnership to Advance Growth and Innovation Across Africa July 29, 2025
  • French Telco Orange Hit by Cyber-Attack July 29, 2025
  • ATC Ghana supports Girls-In-ICT Program April 25, 2023
  • Vice President Dr. Bawumia inaugurates ICT Hub April 2, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© Copyright 2026, All Rights Reserved | iTechNewsOnline.Com - Powered by BackUPDataSystems

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version