Researchers discover that a popular Python library “ctx” and PHP package “phpass” have been compromised to steal developers' AWS keys and credentials
PyPI module ‘ctx’ that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack …
BleepingComputer Ax Sharma
Related Coverage
- Malicious PyPI package opens backdoors on Windows, Linux, and Macs BleepingComputer · Bill Toulas
- PyPI package ‘ctx’ and PHP library ‘phpass’ compromised to steal environment variables Sonatype Blog · Ax Sharma
- Python libraries are being attacked for AWS keys TechRadar
- Open source packages with millions of installs hacked to harvest AWS credentials IT PRO · Connor Jones
- Popular Python and PHP software repo-jacked iTnews · Juha Saarinen
- Popular PyPI Package ‘ctx’ and PHP Library ‘phpass’ Hijacked to Steal AWS Keys The Hacker News · Ravie Lakshmanan
- PyPI Served Malicious Version of Popular ‘Ctx’ Python Package SecurityWeek · Eduard Kovacs
- README — This repository is a fork from the original hautelook/phpass which seems to have been deleted on 2021-09-09. Packagist · Jordi Boggiano
Discussion
- @s0md3v on X: 🚨 ALERT 🚨 Python's ctx library and a fork of PHP's phpass have been compromised. 3 million users combined. The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials.
- @theprincessxena on X: Be warned: Python's ctx library and the hautelook fork of phpass have been compromised. If you use those libraries, declare an incident, be prepared to rotate all credentials stored in environment variables and inform relevant data protection authorities about a possible breach. …
- Sanjay Katkar (@sanjaykatkar) on X: Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. https://www.bleepingcomputer.com/ ... #Linux #CyberSecurity #infosec
- Tom (@tomlawrencetech) on X: PyPI module ‘ctx’ that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. https://www.bleepingcomputer.com/ ...
- Kevin Beaumont (@gossithedog) on X: Interesting supply chain hack unfolding via Python code library and PHP. Specifically posts AWS secret keys to a remote server. https://twitter.com/...