Malicious Python Package Index steals Amazon Web Services credentials

Socket cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI). Over the past three years, this package has seen 37,000 downloads and has exfiltrated users’ Amazon Web Services (AWS) credentials. The package is a typosquat package of the well known ‘fabric’ SSH library and is called ‘fabrice.’

Rom Carmel, Co-Founder and CEO at Apono, states, “Malicious actors continue to find success by putting malicious software packages out into the developer community, playing a numbers game that a percentage of developers will make the very human mistake of choosing the wrong package for their code. 

“While methods like improving security awareness education and implementing processes for secure coding can go a long way in helping developers to make more secure decisions, like we see with phishing, security teams need to take steps to secure their organizations from an assumed breach approach. 

“Protecting your organization once credentials are compromised, like we see on a near daily basis, we need to think in terms of defense-in-depth. That means implementing not only MFA, but reducing the blast radius from an account takeover in terms of the availability of access and the scope of privileges that attackers can use.”