Malware Report

Title

Cloud Provider Credentials Targeted in New PyPI Malware Campaign

URL

https://blog.phylum.io/cloud-provider-credentials-targeted-in-new-pypi-malware-campaign/

Report Author

Phylum Research Team

Published At

2023-10-09

Updated At

2023-10-09

Description

Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to

Malware Packages (5)

The following malware packages were identified in this report.

Package Type	Name	Attack Strategy	Package Author	Versions	Description
Pypi Package	alibabacloud-oss2		coinexchanged		Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
Pypi Package	aws-enumerate-iam		weiwang3056		Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
Pypi Package	python-alibabacloud-sdk-core		coinexchanged		Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
Pypi Package	python-alibabacloud-tea-openapi		coinexchanged		Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
Pypi Package	tencent-cloud-python-sdk		hdhaibqbx		Over the weekend, Phylum’s automated risk detection alerted us to a series of publications surrounding packages on PyPI, all purporting to be some kind of cloud provider SDK or helper package. While these packages do, in fact, provide the purported functionality, they also surreptitiously ship the credentials off to
Package Type	Name	Attack Strategy	Package Author	Versions	Description

Showing 1 to 5 of 5 entries