Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

The Hacker News by The Hacker News
March 15, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as “time” related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.

Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them. The packages have been cumulatively downloaded over 14,100 times –

  • snapshot-photo (2,448 downloads)
  • time-check-server (316 downloads)
  • time-check-server-get (178 downloads)
  • time-server-analysis (144 downloads)
  • time-server-analyzer (74 downloads)
  • time-server-test (155 downloads)
  • time-service-checker (151 downloads)
  • aclient-sdk (120 downloads)
  • acloud-client (5,496 downloads)
  • acloud-clients (198 downloads)
  • acloud-client-uses (294 downloads)
  • alicloud-client (622 downloads)
  • alicloud-client-sdk (206 downloads)
  • amzclients-sdk (100 downloads)
  • awscloud-clients-core (206 downloads)
  • credential-python-sdk (1,155 downloads)
  • enumer-iam (1,254 downloads)
  • tclients-sdk (173 downloads)
  • tcloud-python-sdks (98 downloads)
  • tcloud-python-test (793 downloads)

While the first set relates to packages that are used to upload data to the threat actor’s infrastructure, the second cluster consists of packages implementing cloud client functionalities for several services like Alibaba Cloud, Amazon Web Services, and Tencent Cloud.

Cybersecurity

But they have also been using “time” related packages to exfiltrate cloud secrets. All the identified packages have already been removed from PyPI as of writing.

Further analysis has revealed that three of the packages, acloud-client, enumer-iam, and tcloud-python-test, has been listed as dependencies of a relatively popular GitHub project named accesskey_tools that has been forked 42 times and started 519 times.

Malicious PyPI Packages

A source code commit referencing tcloud-python-test was made on November 8, 2023, indicating that the package has been available for download on PyPI since then. The package has been downloaded 793 times to date, per statistics from pepy.tech.

The disclosure comes as Fortinet FortiGuard Labs said it discovered thousands of packages across PyPI and npm, some of which have been found to embed suspicious install scripts designed to deploy malicious code during installation or communicate with external servers.

“Suspicious URLs are a key indicator of potentially malicious packages, as they are often used to download additional payloads or establish communication with command-and-control (C&C) servers, giving attackers control over infected systems,” Jenna Wang said.

“In 974 packages, such URLs are linked to the risk of data exfiltration, further malware downloads, and other malicious actions. It is crucial to scrutinize and monitor external URLs in package dependencies to prevent exploitation.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
An AI Coding Assistant Refused to Write Code—and Suggested the User Learn to Do It Himself

An AI Coding Assistant Refused to Write Code—and Suggested the User Learn to Do It Himself

Recommended.

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

March 17, 2026
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

March 18, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio