Resources Blog This Week in Malware — Show me your secrets!

This Week in Malware — Show me your secrets!

This week in malware, highlights include malicious Python packages that not only exfiltrate your secrets — AWS credentials and environment variables but rather upload these to a publicly exposed endpoint. Also stated below are some more dependency confusion packages caught by us.

Python packages upload your AWS keys, env vars to the web

Multiple Python packages caught by Sonatype this month upload your AWS credentials and environment variables to a publicly exposed endpoint.

These malicious packages, assigned sonatype-2022-3475 and sonatype-2022-3546 are:

Analyzed by Sonatype security researchers Jorge Cardona and Carlos Fernández, some of these packages either contain code that reads and exfiltrates your secrets or use one of the dependencies that will do the job.

Read the dedicated blog post on the topic to learn more.

Dependency confusion packages

This week's dependency confusion findings include npm packages:


Sonatype Repository Firewall users remain protected

This discovery follows our last week's report of several dozen malicious packages including npm package 'flame-vali' that attempted to disable Windows Defender multiple times before dropping a trojan.

Sonatype remains at the forefront of timely discoveries and reporting attacks targeting OSS developers, like the ones discussed above.

Users of Sonatype Repository Firewall can rest easy knowing that such malicious packages would automatically be blocked from reaching their development builds.

article - repo firewall flowchart

Sonatype Repository Firewall instances will automatically quarantine any suspicious components detected by our automated malware detection systems while a manual review by a researcher is in the works, thereby keeping your software supply chain protected from the start.

Sonatype's world-class security research data, combined with our automated malware detection technology safeguards your developers, customers, and software supply chain from infections.

Picture of Ax Sharma

Written by Ax Sharma

Ax is a Staff Security Researcher & Malware Analyst at Sonatype with a penchant for open source software. His works and expert analyses have frequently been featured by leading infosec. media outlets. Ax's expertise lies in security vulnerability research, reverse engineering, and software development. In his spare time, he loves exploiting vulnerabilities ethically and educating a wide range of audiences through writing and vlogs.