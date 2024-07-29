Cloud Security, Supply chain

Google Cloud credentials in macOS targeted by malicious PyPI package


Attacks leveraging the new malicious Python Package Index package dubbed "lr-utils-lib" have enabled the exfiltration of Google Cloud credentials from macOS systems, The Hacker News reports.

The package, which has been taken down after accumulating 59 downloads, first verifies that the targeted system runs macOS, then checks the machine's Universally Unique Identifier and accesses files containing Google Cloud authentication details, which are then sent to a remote server via HTTP, according to a Checkmarx report.

Although the identity of the actual threat actors remains unknown, researchers found that the package's owner matched a "Lucid Zenith" profile on LinkedIn purporting to be the CEO of Apex Companies, which may indicate that social engineering was used in the attack campaign.

"While it is not clear whether this attack targeted individuals or enterprises, these kinds of attacks can significantly impact enterprises. While the initial compromise usually occurs on an individual developer's machine, the implications for enterprises can be substantial," said Checkmarx researcher Yehuda Gelb.
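For defenders who want to check whether the package named above is present in a Python environment, the following is an added example, not code from Checkmarx or the original report. It compares installed distribution names against a blocklist after PEP 503 normalization, so spelling variants such as `LR_Utils.Lib` are also caught; the sample inventory and its version numbers are constructed.

```python
"""Added example: flag installed Python distributions whose name is on a blocklist."""
import re
from importlib import metadata

# Package name taken from the article; extend with other known-bad names as needed.
BLOCKLIST = {"lr-utils-lib"}


def normalize(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' become '-', then lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_blocked(installed, blocklist=BLOCKLIST):
    """Return sorted (name, version) pairs whose normalized name is blocklisted."""
    blocked = {normalize(b) for b in blocklist}
    return sorted((n, v) for n, v in installed if n and normalize(n) in blocked)


def installed_distributions():
    """Yield (name, version) for each distribution visible to this interpreter."""
    for dist in metadata.distributions():
        yield dist.metadata["Name"], dist.version


# Constructed sample inventory; the version numbers are made up for illustration.
SAMPLE = [
    ("requests", "2.32.0"),
    ("LR_Utils.Lib", "0.0.1"),   # spelling variant of the blocked name
    ("lr-utils", "1.0"),         # similar prefix, but a different project name
    ("lr-utils-lib", "0.0.2"),
]

if __name__ == "__main__":
    hits = find_blocked(installed_distributions())
    for name, version in hits:
        print(f"BLOCKED: {name}=={version}")
    raise SystemExit(1 if hits else 0)
```

Run it with each interpreter or virtual environment in use, since every environment has its own set of installed distributions. A hit on a macOS machine means the Google Cloud credentials stored there should be treated as exposed.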
