Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Malicious PyPI Packages Stole Cloud Access Tokens Through Over 14,100 Downloads Before Removal
Malware and Vulnerabilities
March 17, 2025
The Hacker News
Cybersecurity researchers have warned of a malicious campaign targeting users of the PyPI repository with fake libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens.
Read More
Malicious PyPI packages
Access Tokens
Cloud Environments
Data exfiltration
Amazon Web Services (AWS)
Publisher
Previous
Volt Typhoon Accessed US OT Network for Nearly a Year
Incident Response, Learnings
Next
Crypto Traps, Fake Giveaways Trick Victims During Ramad ...
Identity Theft, Fraud, Scams
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_210791653.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/9a84_shutterstock_166320611.jpg)
