Head Topics

Malicious Python packages stole users’ Amazon Web Services credentials

South Africa News News

Malicious Python packages stole users’ Amazon Web Services credentials
South Africa Latest News,South Africa Headlines
  • 📰 mybroadband
  • ⏱ Reading Time:
  • 23 sec. here
  • 2 min. at publisher
  • 📊 Quality Score:
  • News: 13%
  • Publisher: 67%

Sonatype security researchers have discovered some Python packages collect developers’ credentials.

malicious code in multiple Python packages that uploaded users’ Amazon Web Services credentials and environment variables to a publicly exposed domain.

The malicious packages were identified as “loglib-modules”, “pyg-modules”, “pygrata”, “pygrata-utils”, and “hkg-sol-utiils”. Sonatype security researchers Jorge Cardona and Carlos Fernandez determined that the packages either contain code that reads and extracts developers’ sensitive data or install dependencies that do the same.

The script then attempted to upload this data to one or more endpoints hosted on the pygrata.com domain.

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

mybroadband /  🏆 11. in ZA

South Africa Latest News, South Africa Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

Instagram is Testing New Ways to Verify Users' Ages - IT News Africa - Up to date technology news, IT news, Digital news, Telecom news, Mobile news, Gadgets news, Analysis and ReportsInstagram is Testing New Ways to Verify Users' Ages - IT News Africa - Up to date technology news, IT news, Digital news, Telecom news, Mobile news, Gadgets news, Analysis and ReportsInstagram, a photo and video-sharing social networking service, is testing new ways to verify users’ ages, including scanning their faces. The trial started on 23 June and is currently being rolled out in the US. It is focused on users who try to change their age on the app from under 18 to over 18. […]
Read more »

Carl Niehaus plans to sue the State, NPA for wrongful and malicious prosecutionCarl Niehaus plans to sue the State, NPA for wrongful and malicious prosecutionCarl Niehaus instructed his lawyer Nthabiseng Mokoena to file a discharge application in terms of Section 174 of the criminal procedure act last month.
Read more »

Cameroon: Broken Promises - Cameroon's Troubled Disarmament InitiativeCameroon: Broken Promises - Cameroon's Troubled Disarmament Initiative'The movement has changed - it's now about kidnapping, stealing, and demanding ransoms.'
Read more »

Podcast: Even the hackers are disheartened by crypto’s slumpPodcast: Even the hackers are disheartened by crypto’s slump[ICYMI] What do you do when your stolen loot is rapidly losing market value? You offload it as fast as you can. But crypto writer Paulo Delgado says law enforcement is getting better at chasing down stolen cryptos ... Download the podcast
Read more »

Gauteng ANC elects new leadership, with Panyaza Lesufi as chairGauteng ANC elects new leadership, with Panyaza Lesufi as chairResults from the hotly-contested provincial conference were announced in the early hours of Monday morning, after spending at least three days deliberating over credentials.
Read more »

Shoprite customer data is being auctioned on the dark webShoprite customer data is being auctioned on the dark webRansomHouse has put Shoprite Money Transfer customer data up for auction after the company apparently refused to communicate with the group.
Read more »



Render Time: 2025-02-25 18:32:07