Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS, CI/CD and macOS Data

A sophisticated malware campaign has emerged targeting the Python Package Index (PyPI) repository, with cybercriminals deploying weaponized packages designed to steal sensitive cloud infrastructure credentials and corporate data.

The malicious package, identified as “chimera-sandbox-extensions,” represents a new breed of supply chain attacks that specifically target enterprise environments rather than individual users.

The attack begins when unsuspecting developers install what appears to be a legitimate extension for the chimera-sandbox environment.

Upon installation, the malware initiates a complex multi-stage attack sequence that connects to command-and-control servers using a sophisticated domain generation algorithm.

Unlike traditional malware that casts a wide net, this threat actor demonstrates advanced targeting capabilities, focusing specifically on corporate and cloud infrastructure environments.

JFrog analysts identified the malicious package during routine monitoring of open-source repositories and promptly reported it to PyPI maintainers for removal.

The security researchers noted that the malware’s primary objective involves harvesting highly sensitive information including AWS authentication tokens, CI/CD pipeline credentials, JAMF configuration data, and Zscaler host settings.

This targeted approach suggests the attackers possess deep understanding of enterprise security architectures and cloud deployment patterns.

The stolen data is subsequently transmitted to attacker-controlled servers, where server-side logic determines whether to deploy additional payloads for further malicious activities.

This modular approach allows attackers to customize their response based on the value and configuration of compromised environments, making the threat particularly dangerous for organizations with significant cloud infrastructure investments.

Domain Generation Algorithm and Infection Mechanism

The malware employs a sophisticated CharStream class that generates pseudorandom domain names using a consistent seed value.

The algorithm begins with initialization parameters including seed value 0x1337 and creates ten potential command-and-control domains under the chimerasandbox.workers.dev infrastructure.

class CharStream:
    def __init__(self, seed: int = 0x1337, width: int = 10):
        self.S, self.width = list(range(256)), width
        self.state = seed & 0xFFFF
        self.charset = string.ascii_lowercase + string.digits

The algorithm generates domains like “twdtsgc8iuryd0iu.chimerasandbox.workers.dev/auth” through complex bit manipulation and array shuffling, ensuring consistent domain generation while maintaining operational security through pseudorandomization.

Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access