MSSP, Identity, Malware

Malicious PyPI Package Targets Google Cloud Creds in macOS

Share
Security breach, system hacked alert with red broken padlock icon showing unsecure data under cyberattack, vulnerable access, compromised password, virus infection, internet network with binary code

Attackers are leveraging the new malicious Python Package Index package, dubbed "lr-utils-lib", to exfiltrate Google Cloud credentials from macOS systems, The Hacker News reported.

Such a package, which has been taken down after accumulating 59 downloads, initially verifies targeted systems to be macOS before checking the machines' Universally Unique Identifier and infiltrating files that have Google Cloud authentication details, which are then delivered to a remote server via HTTP, according to a Checkmarx report.

While the identity of the actual threat actors remains a mystery, researchers found that the package's owner matched a certain "Lucid Zenith" purporting to be the CEO of Apex Companies on LinkedIn, which may be indicative of social engineering used in the attack campaign.

"While it is not clear whether this attack targeted individuals or enterprises, these kinds of attacks can significantly impact enterprises. While the initial compromise usually occurs on an individual developer's machine, the implications for enterprises can be substantial," said Checkmarx researcher Yehuda Gelb.

An In-Depth Guide to Identity

Get essential knowledge and practical strategies to fortify your identity security.

You can skip this ad in 5 seconds