• Python libraries are being attacked for AWS keys

    From TechnologyDaily@1337:1/100 to All on Wed May 25 12:30:04 2022
    Python libraries are being attacked for AWS keys

    Date:
    Wed, 25 May 2022 11:22:10 +0000

    Description:
    Python repositories hijacked, but researchers quickly picked up on the attack.

    FULL STORY ======================================================================

    When a GitHub repository that hasn't been touched for almost a decade suddenly gets an update, users should be wary, as it might just be a hostile takeover with the intention of distributing malware.

    That's exactly what happened to the PyPI module ctx, which apparently has millions of downloads. Earlier this month, in a software supply chain attack, someone replaced the safe ctx code with an updated version that steals developer environment variables and collects secrets such as Amazon AWS keys and credentials.

    These are then sent to a Heroku endpoint at https://anti-theft-web.herokuapp[.]com/hacked/

    Repo jacking

    The attack, first spotted by BleepingComputer, resulted in some 20,000 downloads.

    Besides ctx, versions of phpass that were published to the PHP/Composer package repository Packagist have also been updated in the same way. This one also has millions of downloads.

    ctx is a Python module whose previous update happened in 2014. Then, eight years later, on May 15, the module was updated with malicious code, as was spotted by Reddit users and later confirmed by ethical hackers. PHPass, on the other hand, is an open-source password hashing framework, released in 2005 and downloaded more than two million times so far.
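    A check for the warning sign the article opens with (a package dormant for years that suddenly gets a new release), written here as an added example that is not part of the TechRadar story or of the ctx project; it assumes release data shaped like the `releases` object of PyPI's JSON API, and the upload dates in the sample are constructed placeholders, not ctx's real ones:

```python
"""Flag package releases that arrive after years of dormancy (a repo-jacking signal)."""
from datetime import datetime, timedelta

# Constructed sample shaped like the `releases` object returned by
# https://pypi.org/pypi/<name>/json. Dates are illustrative placeholders
# mirroring the story (last release 2014, sudden release May 2022),
# not the real ctx upload times.
SAMPLE_RELEASES = {
    "0.1.0": [{"upload_time": "2014-01-10T09:00:00"}],
    "0.1.2": [{"upload_time": "2014-12-19T12:00:00"}],
    "0.2.2": [{"upload_time": "2022-05-15T16:00:00"}],
}


def release_dates(releases: dict) -> list[tuple[datetime, str]]:
    """Return (earliest upload time, version) pairs, oldest first.
    Versions with no uploaded files are skipped."""
    dated = []
    for version, files in releases.items():
        times = [datetime.fromisoformat(f["upload_time"])
                 for f in files if "upload_time" in f]
        if times:
            dated.append((min(times), version))
    return sorted(dated)


def dormant_gap_releases(releases: dict, min_gap_years: float = 2.0) -> list[dict]:
    """Return releases published at least `min_gap_years` after the previous
    release, with the length of the gap in days. A long gap followed by a
    new upload is exactly the pattern seen with ctx and deserves manual
    review of the diff before the new version is trusted."""
    dated = release_dates(releases)
    threshold = timedelta(days=365.25 * min_gap_years)
    hits = []
    for (prev_time, prev_ver), (cur_time, cur_ver) in zip(dated, dated[1:]):
        gap = cur_time - prev_time
        if gap >= threshold:
            hits.append({"version": cur_ver, "previous": prev_ver,
                         "gap_days": gap.days})
    return hits


if __name__ == "__main__":
    for hit in dormant_gap_releases(SAMPLE_RELEASES):
        print(f"{hit['version']} published {hit['gap_days']} days after "
              f"{hit['previous']}: review before installing")
```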

    PyPI took down the malicious versions a few hours after they were uploaded to the repository, but the damage had already been done, it was said. The damage done via PHPass was a lot more limited, researchers added.

    Researchers claim both attacks were carried out by the same person, whose identity is obvious, but are refraining from naming any names before more details are unveiled.

    Researchers are dubbing these types of attacks "repo jacking" (repository hijacking), and these are hardly the first examples. Earlier this year, the popular npm libraries ua-parser-js, coa, and rc were all repo jacked to serve cryptocurrency miners and infostealers to their victims.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/python-libraries-are-being-attacked-for-aws-keys/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)