A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/
BleepingComputer /
npub1j7…v7hg2
2024-11-09 15:18:13
Author Public Key
npub1j7dz37jrwqhehe8ydzpk5kcjpnzzv53h7s54lj62nv5w9fcar34suv7hg2Published at
2024-11-09 15:18:13Event JSON
{
"id": "bc40d69c371c05043397b082bcb0331bf8f46221b3399899bb23485a1d010fa6",
"pubkey": "979a28fa43702f9be4e468836a5b120cc4265237f4295fcb4a9b28e2a71d1c6b",
"created_at": 1731165493,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/113453661767922547",
"activitypub"
]
],
"content": "A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.\n\nhttps://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/",
"sig": "169753823269099313a94e34626e7ae9aa6bfc11c31504036999f0ea383f46b6c3198ceccf61ae5dfd9b90c125c5293af9817c95d12196f5d550b7ac6ecd1232"
}