Poisoned Python and PHP packages purloin passwords for AWS access – Naked Security

A keen-eyed researcher at SANS recently wrote about a new and rather specific kind of supply chain attack against open-source software modules in Python and PHP.

Following online discussions about a suspicious public Python module, Yee Ching Tok noted that a package called ctx in the popular PyPI repository had suddenly received an "update", despite not otherwise having been touched since late 2014.

In theory, of course, there's nothing wrong with old packages suddenly coming back to life.

Sometimes, developers return to old projects when a lull in their regular schedule (or a guilt-provoking email from a long-standing user) finally gives them the impetus to apply some long-overdue bug fixes.

In other cases, new maintainers step up in good faith to revive "abandonware" projects.

But packages can become victims of secretive takeovers, where the password to the associated account is hacked, stolen, reset or otherwise compromised, so that the package becomes a beachhead for a new wave of supply chain attacks.

Simply put, some package "revivals" are carried out entirely in bad faith, to give cybercriminals a vehicle for pushing out malware under the guise of "security updates" or "feature enhancements".
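The pattern described above (a package dormant for years that suddenly publishes a new version) is something you can check for before installing or upgrading. The script below is an added example written for this page, not code from the article, from SANS or from the ctx project. It reads metadata in the shape of PyPI's JSON API (https://pypi.org/pypi/NAME/json, whose "releases" object lists each version's uploaded files with an "upload_time_iso_8601" field), sorts releases by upload time, and flags any release that arrived after an unusually long gap. The sample metadata embedded in the script is constructed for the example and is not the release history of any real package, and the two-year threshold is an assumption you should tune to your own environment.

```python
"""Flag package releases that arrive after years of dormancy.

Added example (not from the article or any project it names). Implements the
signal the article describes: an old package that suddenly gets an "update"
deserves scrutiny before it is installed or upgraded.

The metadata layout mirrors the real PyPI JSON API, where
data["releases"][version] is a list of file objects, each carrying an
"upload_time_iso_8601" timestamp. SAMPLE_PYPI_JSON below is constructed
for this example; it is not real data for any package.
"""
import json
import urllib.request
from datetime import datetime

# Constructed sample in the shape of a PyPI JSON API response (not real data).
SAMPLE_PYPI_JSON = {
    "info": {"name": "example-pkg", "version": "0.2.0"},
    "releases": {
        "0.1.0": [{"upload_time_iso_8601": "2014-09-02T10:15:00.000000Z"}],
        "0.1.1": [{"upload_time_iso_8601": "2014-11-20T08:00:00.000000Z"}],
        # A release appearing years after the previous one: the pattern to flag.
        "0.2.0": [{"upload_time_iso_8601": "2022-05-15T03:42:10.000000Z"}],
    },
}

# Assumption for this example: more than two years of silence counts as dormancy.
DEFAULT_MIN_GAP_DAYS = 365 * 2


def release_times(pypi_json):
    """Return (version, earliest upload datetime) pairs sorted by upload time.

    Releases with no files (e.g. versions with every file removed) carry no
    timestamp and are skipped rather than guessed at.
    """
    out = []
    for version, files in pypi_json["releases"].items():
        stamps = [f["upload_time_iso_8601"] for f in files if "upload_time_iso_8601" in f]
        if not stamps:
            continue
        # PyPI emits a trailing "Z"; make it explicit UTC for fromisoformat().
        earliest = min(datetime.fromisoformat(s.replace("Z", "+00:00")) for s in stamps)
        out.append((version, earliest))
    out.sort(key=lambda vt: vt[1])
    return out


def dormancy_gaps(pypi_json, min_gap_days=DEFAULT_MIN_GAP_DAYS):
    """Return (previous_version, new_version, gap_in_days) for each release that
    followed more than min_gap_days of silence."""
    times = release_times(pypi_json)
    flagged = []
    for (prev_v, prev_t), (new_v, new_t) in zip(times, times[1:]):
        gap = (new_t - prev_t).days
        if gap > min_gap_days:
            flagged.append((prev_v, new_v, gap))
    return flagged


def suspicious_revival(pypi_json, min_gap_days=DEFAULT_MIN_GAP_DAYS):
    """True when the most recent release itself ended a long dormant period,
    which is the case worth a manual look before installing."""
    times = release_times(pypi_json)
    if len(times) < 2:
        return False
    return (times[-1][1] - times[-2][1]).days > min_gap_days


def fetch_pypi_json(name, timeout=10):
    """Fetch live metadata from the PyPI JSON API (network access required)."""
    url = f"https://pypi.org/pypi/{name}/json"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample. For a real package:
    #   data = fetch_pypi_json("some-package")
    data = SAMPLE_PYPI_JSON
    for prev_v, new_v, gap in dormancy_gaps(data):
        print(f"{prev_v} -> {new_v}: {gap} days of silence before this release")
    print("latest release is a suspicious revival:", suspicious_revival(data))
```

A long gap is a signal, not proof: as the article notes, legitimate maintainers do revive old projects. Treat a flagged package as a prompt to inspect the new release (changed maintainers, unexpected network or credential-reading code, a source repository that does not match the upload) before letting it into a build.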

The attackers aren't necessarily targeting any specific users of the package they compromise – often, they're simply watching and waiting to see if anyone falls for their package bait-and-switch…

…at which point they have a way to target the users or companies that do.