San Francisco, CA – March 17, 2025 – Malicious PyPI packages stole cloud tokens! 14K+ downloads before removal. Devs urged to secure credentials.
A massive supply chain attack has rocked the developer community as 20 malicious PyPI packages were caught stealing cloud access tokens. Shockingly, these rogue packages were downloaded over 14,100 times before being removed, potentially exposing AWS, Alibaba Cloud, and Tencent Cloud credentials to cybercriminals.
Cybersecurity firm ReversingLabs uncovered the attack, which targeted developers by disguising malware as legitimate Python libraries. Some of the infected packages included acloud-client, enumer-iam, and tcloud-python-test, all of which secretly exfiltrated cloud authentication details to the attackers’ servers.
Jenna Wang, a cybersecurity researcher, said:
This is a nightmare scenario. Developers unknowingly handed over the keys to their cloud infrastructure.
Even more alarming, three of these compromised packages were dependencies in a popular GitHub project, which had been forked 42 times and starred 519 times, spreading the infection further.
Experts warn that PyPI’s lack of strict package verification makes it a prime target for hackers. Malicious actors are slipping in trojanized libraries that appear safe but contain hidden exploits. David Larkin, a cybersecurity analyst, warned:
Supply chain attacks like this can bring down entire businesses. Developers must double-check every package they use.
While the malicious packages have now been removed, the damage may already be done. Developers using affected libraries are urged to immediately rotate credentials and scan their systems for unauthorized access.
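One way to check a requirements file and the current Python environment for the three package names reported above, as an added example that is not from the article or from ReversingLabs; names are compared the way PyPI normalizes them, and the sample requirements content is constructed:

```python
import re
from importlib import metadata
from typing import List, Optional

# Package names reported in the article; the page names only these three.
REPORTED_PACKAGES = {"acloud-client", "enumer-iam", "tcloud-python-test"}


def normalize(name: str) -> str:
    """Normalize a project name as PyPI does (PEP 503): lowercase, with
    runs of '-', '_' and '.' treated as a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


NORMALIZED_REPORTED = {normalize(n) for n in REPORTED_PACKAGES}


def requirement_name(line: str) -> Optional[str]:
    """Extract the project name from one requirements.txt line, ignoring
    comments, blank lines, pip options and any version/extras/markers."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = re.match(r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?", line)
    return m.group(0) if m else None


def find_reported_in_requirements(text: str) -> List[str]:
    """Normalized names of reported packages referenced in a requirements file."""
    hits = set()
    for line in text.splitlines():
        name = requirement_name(line)
        if name and normalize(name) in NORMALIZED_REPORTED:
            hits.add(normalize(name))
    return sorted(hits)


def find_reported_installed() -> List[str]:
    """Reported packages that are installed in the running interpreter."""
    installed = set()
    for dist in metadata.distributions():
        try:
            installed.add(normalize(dist.metadata.get("Name") or ""))
        except Exception:  # skip distributions with unreadable metadata
            continue
    return sorted(installed & NORMALIZED_REPORTED)


# Constructed sample requirements file for demonstration only.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
# pinned cloud helper
ACloud_Client>=1.0 ; python_version >= "3.8"
boto3
tcloud.python.test[extra]==0.1
-r other.txt
"""

if __name__ == "__main__":
    print("in requirements:", find_reported_in_requirements(SAMPLE_REQUIREMENTS))
    print("installed:", find_reported_installed())
```

A hit in either list means the credentials that environment could reach should be treated as exposed and rotated, in line with the advice above.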