Malicious Python Packages Targeting Cloud Credentials on PyPI

Listen to this Post

Cybersecurity experts have uncovered a large-scale malicious campaign exploiting the Python Package Index (PyPI) repository. Threat actors have been using fake Python packages disguised as legitimate time-related utilities to steal sensitive cloud credentials and access tokens. These malicious packages, downloaded over 14,100 times, pose a significant risk to developers and organizations using cloud services like AWS, Alibaba Cloud, and Tencent Cloud.

This attack highlights the growing threat of supply chain vulnerabilities, where adversaries inject harmful code into widely used software repositories. Although PyPI has removed the identified packages, the sheer number of downloads before detection suggests that numerous systems might already be compromised. Let’s delve into the details of this attack and its broader implications.

Malicious PyPI Packages: A Breakdown

ReversingLabs, a cybersecurity firm, discovered two clusters of 20 malicious packages:

Cluster 1: Data Exfiltration Packages

These packages acted as tools to transmit stolen credentials to the attackers’ infrastructure.

– snapshot-photo (2,448 downloads)

– time-check-server (316 downloads)

– time-check-server-get (178 downloads)

– time-server-analysis (144 downloads)

– time-server-analyzer (74 downloads)

– time-server-test (155 downloads)

– time-service-checker (151 downloads)

Cluster 2: Cloud Client Impersonators

These packages mimicked legitimate cloud service SDKs to target services like AWS, Alibaba Cloud, and Tencent Cloud.

– aclient-sdk (120 downloads)

– acloud-client (5,496 downloads)

– acloud-clients (198 downloads)

– acloud-client-uses (294 downloads)

– alicloud-client (622 downloads)

– alicloud-client-sdk (206 downloads)

– amzclients-sdk (100 downloads)

– awscloud-clients-core (206 downloads)

– credential-python-sdk (1,155 downloads)

– enumer-iam (1,254 downloads)

– tclients-sdk (173 downloads)

– tcloud-python-sdks (98 downloads)

– tcloud-python-test (793 downloads)

How These Packages Operated

These malicious packages were designed to look like legitimate utilities, making them difficult to detect. Attackers cleverly hid their payloads within dependencies, allowing the execution of malicious scripts upon installation.

Further analysis revealed that some of these packages were dependencies for a GitHub project named accesskey_tools, which has been forked 42 times and starred 519 times. This association allowed the malware to spread through unsuspecting developers who relied on the compromised project.

One such package, tcloud-python-test, was referenced in a commit on November 8, 2023, indicating it had been available for months before discovery. It was downloaded 793 times, underscoring how attackers leveraged existing repositories to distribute their malware.

A Broader Issue in Software Supply Chains

The disclosure of this campaign coincides with research from Fortinet FortiGuard Labs, which uncovered thousands of suspicious packages across PyPI and npm repositories. Some of these packages contained hidden scripts that:

– Installed additional malware.

– Communicated with command-and-control (C&C) servers.

– Exfiltrated user data.

Jenna Wang from Fortinet emphasized that suspicious URLs embedded within these packages serve as red flags. She noted that 974 packages were linked to data theft, malware distribution, and other cyber threats.

What Undercode Say:

The Growing Threat of Software Supply Chain Attacks

The cybersecurity landscape is witnessing an alarming rise in supply chain attacks, particularly within open-source ecosystems like PyPI and npm. Attackers exploit trust in these repositories, injecting malicious code that unsuspecting developers integrate into their projects.

Why This Attack Matters

  1. Scale of Impact – Over 14,100 downloads mean that numerous developers and organizations could be compromised.
  2. Cloud Targeting – Cloud services like AWS, Alibaba Cloud, and Tencent Cloud hold sensitive business data, making them prime targets.
  3. Dependency Exploitation – By infecting legitimate-looking packages, attackers ensure widespread distribution.

Lessons for Developers

  • Scrutinize Dependencies: Always check the credibility of the packages before integrating them.
  • Monitor External URLs: Suspicious links in dependencies can signal malware activity.
  • Use Security Tools: Tools like ReversingLabs, Snyk, and GitHub’s Dependabot can help detect threats.
  • Verify Authors: Ensure packages are from trusted sources and have consistent update histories.

How the Industry Should Respond

  • Stronger Vetting by PyPI: More rigorous checks and automated scanning can prevent such attacks.
  • Enhanced Developer Awareness: Training developers to spot supply chain risks is critical.
  • Better Incident Response: Quick removal of malicious packages is essential but must be coupled with user notifications.

Future Implications

This attack is not an isolated incident but part of a larger trend. As software supply chains become more complex, attackers will continue finding ways to infiltrate repositories. The cybersecurity community must stay ahead with better detection mechanisms and proactive security measures.

Fact Checker Results

  • The reported packages have indeed been removed from PyPI.
  • The “accesskey_tools” GitHub project was actively using the malicious packages before discovery.
  • Fortinet’s findings about malware-ridden packages in PyPI and npm are consistent with previous cybersecurity reports.

References:

Reported By: https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html
Extra Source Hub:
https://www.facebook.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image