Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

 

Cybersecurity researchers have identified a sophisticated malware campaign targeting Python developers through the Python Package Index (PyPI). Threat actors have uploaded 20 malicious packages under the guise of legitimate time-related utilities, embedding hidden code to exfiltrate sensitive cloud credentials.

Software supply chain security firm ReversingLabs reported that these malicious packages collectively amassed over 14,100 downloads before their removal. The identified packages include:

• snapshot-photo (2,448 downloads)

• time-check-server (316 downloads)

• time-check-server-get (178 downloads)

• time-server-analysis (144 downloads)

• time-server-analyzer (74 downloads)

• time-server-test (155 downloads)

• time-service-checker (151 downloads)

• aclient-sdk (120 downloads)

• acloud-client (5,496 downloads)

• acloud-clients (198 downloads)

• acloud-client-uses (294 downloads)

• alicloud-client (622 downloads)

• alicloud-client-sdk (206 downloads)

• amzclients-sdk (100 downloads)

• awscloud-clients-core (206 downloads)

• credential-python-sdk (1,155 downloads)

• enumer-iam (1,254 downloads)

• tclients-sdk (173 downloads)

• tcloud-python-sdks (98 downloads)

• tcloud-python-test (793 downloads)

These packages followed a two-phase approach. The first cluster facilitated data exfiltration to attacker-controlled servers, while the second posed as legitimate cloud SDKs for major providers, including Amazon Web Services, Alibaba Cloud, and Tencent Cloud. Attackers leveraged these dependencies to siphon credentials directly from compromised environments.

Figure 1.1 Gihtub Malicious PyPI Packages

Further investigation revealed that acloud-client, enumer-iam, and tcloud-python-test were referenced as dependencies in a GitHub project named accesskey_tools, which has 519 stars and 42 forks. A commit referencing tcloud-python-test dates back to November 8, 2023, suggesting that the package had remained undetected on PyPI for over a year.

This discovery aligns with a broader trend of malicious activity targeting open-source ecosystems. Researchers at Fortinet FortiGuard Labs recently uncovered thousands of suspicious packages across both PyPI and npm, many of which deploy malicious install scripts to communicate with command-and-control (C&C) servers.

Jenna Wang from Fortinet warned that 974 such packages contained URLs linked to data exfiltration, additional malware payloads, and other harmful actions. Attackers increasingly exploit open-source repositories to infiltrate developer environments and distribute malware at scale.

To mitigate risks associated with supply chain attacks, security experts recommend the following precautions:

• Scrutinize Dependencies: Verify the authenticity of third-party packages before installation.

• Monitor Network Traffic: Be vigilant about outgoing connections from developer environments.

• Use Package Allowlists: Limit installations to vetted and trusted sources.

• Regularly Audit Dependencies: Tools like dependency scanners can help detect malicious libraries before they cause harm.

The rapid rise in software supply chain attacks underscores the need for heightened vigilance among developers and security teams. Malicious packages can linger undetected in widely-used repositories for months, making proactive security measures essential. With cyber threats evolving rapidly, staying informed and implementing robust security best practices is crucial in safeguarding software development pipelines from exploitation.