Skip to content

MALICIOUS (1) package from Python Package Index.

  1. The campaign has clearly malicious intent, like infostealers.

aws-enumerateiam

Affected versions: unspecified (1)

  1. Version numbers are currently not tracked. Assume all versions are affected.

Before creating the boto3 client, package exfiltrates user's credentials. In this version, the exfiltrating is masked as connecting to an AWS component. The URL to the component is expected to be hex-encoded. In fact, the related GitHub project uses it as a dependency and sets as the URL the attacker-controlled domain. In this way, the AWS libraries are abused to generate the request to the malicious infrastructure and exfiltrate credentials.

Campaign data

Campaign information may not always be 100% accurate for every related package.

Campaign description

Before creating the boto3 client, package exfiltrates user's credentials. Packages from the campaign are used as dependency in a GitHub project promising automating cloud enumeration

See more details on the campaign page.

action-hidden-in-lib-usage

Campaign targets action-hidden-in-lib-usage.

exfiltration_credentials

Campaign targets exfiltration_credentials.

exfiltration_generic

Campaign targets exfiltration_generic.

Look up in other services

  1. May not be available. See more in pypi-json-data repository.
  2. Open Source Insights project, provided by Google.
  3. Service from Socket.dev, a cybersecurity company.
  4. Spectra Assure Community, a service from ReversingLabs, a cybersecurity company.