You are currently viewing Malicious Python Packages Uploaded Data to Publicly Exposed Endpoints

Malicious Python Packages Uploaded Data to Publicly Exposed Endpoints

Sonatype detected several malicious Python packages on the PyPI repository that have been stealing sensitive information, including AWS credentials, and uploading it to publicly exposed endpoints. Sonatype has reported the malicious packages to PyPI; the packages have been removed from the repository. More https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web