The Python package repository PyPI was discovered to be hosting malware and AWS keys. Tom Forbes, a software developer, created a Rust-based application that searched all new PyPI packages for AWS API keys. The tool returned 57 successful results, some from Louisiana University, Stanford, Portland, Amazon, Intel, and Stanford.
Forbes explains that his scanner searches for AWS keys in fresh releases from PyPI, HexPM, and RubyGems on a recurring basis using GitHub Actions. If it does, it creates a report containing the pertinent information and commits it to the AWS-cred-scanner repository.
According to Forbes’ article, “The report comprises the keys that have been found, as well as public link to the keys and additional metadata regarding the release.” Github’s Secret Scanning service engages because these keys have been uploaded to a public GitHub repository, alerting AWS that the keys have been compromised.
As per Forbes, “It relies on the specific rights granted to the key itself. Other keys I discovered in PyPI were root keys, which are equally permitted to perform any action. The key I discovered that was leaked by InfoSys in November had full admin access, meaning it can do anything. If these keys were stolen, an attacker would have unrestricted access to the associated AWS account.”
He claime
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: