Chuck Darwin on Nostr: A malicious Python package named '#fabrice' has been present in the Python Package ...
A malicious Python package named '#fabrice' has been present in the Python Package Index (PyPI) since 2021, 🆘 stealing Amazon Web Services credentials from unsuspecting developers.
According to application security company Socket, ⚠️ the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux.
The large number of downloads is accounted for by fabrice #typosquatting the legitimate SSH remote server management package “fabric,” a very popular library with more than 200 million downloads.
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-with-37-000-downloads-steals-aws-keys/