⚠️🧵 RL researchers detected a new malicious campaign targeting #PyPI users. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens.
1
19
44
8K
13
Download Image
The campaign consists of 2 groups of packages. 1st group consists of "time" related packages that are used to upload data to threat actor’s infrastructure. 2nd group consists of packages implementing cloud client functionalities for several services, but additionally use "time" related packages to exfiltrate cloud related secrets.
