"Malicious PyPI Package Targets macOS"
1. Malicious Python package "lr-utils-lib" targeted macOS systems to steal Google Cloud credentials.
2. The package, uploaded in June 2024, had 59 downloads before removal.
3. It checks macOS UUIDs against a predefined list and attempts to harvest credentials from specific machines.
4. Captured data is sent to a remote server at "europe-west2-workload-422915[.]cloudfunctions[.]net."
5. The campaign reflects sophisticated targeting and possible social engineering elements, similar to previous attacks.
#pypi #Malware #macOS #GoogleCloud #CyberSecurity #PythonPackage #InfoSec #CredentialTheft #SocialEngineering #SupplyChainAttack #Checkmarx #ThreatActors #CyberThreats #SoftwareSecurity
1. Malicious Python package "lr-utils-lib" targeted macOS systems to steal Google Cloud credentials.
2. The package, uploaded in June 2024, had 59 downloads before removal.
3. It checks macOS UUIDs against a predefined list and attempts to harvest credentials from specific machines.
4. Captured data is sent to a remote server at "europe-west2-workload-422915[.]cloudfunctions[.]net."
5. The campaign reflects sophisticated targeting and possible social engineering elements, similar to previous attacks.
#pypi #Malware #macOS #GoogleCloud #CyberSecurity #PythonPackage #InfoSec #CredentialTheft #SocialEngineering #SupplyChainAttack #Checkmarx #ThreatActors #CyberThreats #SoftwareSecurity