Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python software.
Uploaded by a user identified as “chimerai,” this package was designed to exploit unsuspecting developers by targeting users of the chimera-sandbox environment, aiming to harvest sensitive credentials and critical data, including AWS tokens, Jamf configurations, and CI/CD environment variables.
This discovery underscores the growing threat of software supply chain attacks, where malicious actors weaponize seemingly legitimate packages to infiltrate systems and exfiltrate valuable information.
Malicious Package Targets Corporate
The “chimera-sandbox-extensions” package employs a highly intricate payload delivery system, initiating its attack through a function called check_update() upon installation.

This function leverages a pseudorandom Domain Generation Algorithm (DGA) within the CharStream class to create a series of domains, attempting connections to ten dynamically generated URLs under the “chimerasandbox.workers.dev” subdomain.
Only one of these domains, specifically “twdtsgc8iuryd0iu.chimerasandbox.workers.dev/auth”, proved active during analysis.
Upon successful connection, the malware retrieves an authentication token and subsequently downloads a Python-based infostealer payload from the same domain’s /check endpoint.
This payload executes automatically, targeting a wide array of sensitive data unique to corporate and cloud environments, including JAMF receipts, Pod sandbox authentication tokens, Zscaler host configurations, and general platform information.
Data Exfiltration Tactics
The stolen data is then formatted into a JSON structure and transmitted back to the malicious domain via a POST request, where server-side logic evaluates the information to potentially deploy further payloads for escalated attacks.
Although the final payload in this instance was not fully activated, the immediate execution capability of subsequent downloads highlights the severe risk posed by such threats.
The depth of this attack lies in its targeted approach and technical sophistication.
Unlike generic data-stealing malware, this infostealer focuses on infrastructure-specific information, clearly aiming to compromise corporate networks and cloud platforms.
The use of a consistent seed in the DGA ensures predictable domain generation, allowing attackers to maintain control over communication channels while evading detection through randomization.
Once the initial payload is executed, the malware’s ability to probe the host environment using the get_execution_context() function and relay detailed host information back to the command-and-control server demonstrates a multi-stage attack designed for persistence and adaptability.
The JFrog team’s swift detection and reporting to PyPI maintainers led to the package’s removal, but the incident serves as a stark warning of the ongoing dangers in open-source repositories.
Developers and organizations must adopt rigorous security practices, including package vetting and continuous monitoring, to safeguard against such insidious supply chain exploits.
This event not only reveals the technical prowess of modern cybercriminals but also emphasizes the critical need for collaborative vigilance in securing the software ecosystem against evolving threats.
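As an added illustration of the package vetting and monitoring recommended above (this is not JFrog's code and not code from the package), the following check flags the package name in requirements or `pip freeze` output and flags proxy or DNS log entries for any host under the fixed parent domain, which covers every DGA-generated label without knowing the seed. The sample inputs, the function names and the log format are assumptions constructed for this example.

```python
import re

# Indicators named in the article above.
BAD_PACKAGE = "chimera-sandbox-extensions"
C2_PARENT = "chimerasandbox.workers.dev"
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample input; the version, helper name, label and log format are made up.
SAMPLE_REQS = """\
requests==2.32.3
Chimera_Sandbox.Extensions==0.0.0  # constructed version
chimera-sandbox-extensions-helper>=1.0
"""
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 GET https://twdtsgc8iuryd0iu.chimerasandbox.workers.dev/auth 200
2025-01-01T10:00:02Z 10.0.0.5 GET https://placeholder-label.chimerasandbox.workers.dev/auth 000
2025-01-01T10:00:03Z 10.0.0.7 GET https://pypi.org/simple/requests/ 200
2025-01-01T10:00:04Z 10.0.0.7 GET https://chimerasandbox.workers.dev.example.net/ 200
"""

def normalize(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' become one '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flagged_requirements(text: str) -> list[str]:
    """Return requirement lines (comments stripped) that name the malicious package."""
    hits = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks, comments, pip options
            continue
        # The project name ends at the first extras, specifier, marker or URL character.
        name = re.split(r"[\s\[<>=!~;@(]", line, maxsplit=1)[0]
        if normalize(name) == BAD_PACKAGE:
            hits.append(line)
    return hits

def flagged_hosts(log_text: str) -> set[str]:
    """Return hostnames that are the C2 parent domain or any label beneath it."""
    hits = set()
    for host in HOST_RE.findall(log_text):
        host = host.lower()
        if host == C2_PARENT or host.endswith("." + C2_PARENT):
            hits.add(host)
    return hits

if __name__ == "__main__":
    print(flagged_requirements(SAMPLE_REQS))
    print(sorted(flagged_hosts(SAMPLE_LOG)))
```

Matching on the normalized name catches spelling variants such as underscores or mixed case, and the suffix comparison with a leading dot avoids flagging look-alike hosts that merely contain the parent domain.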