Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

PyPI Malware Steals AWS, CI/CD, macOS Data

June 16, 2025
Reading Time: 2 mins read
in Alerts
PyPI Malware Steals AWS, CI/CD, macOS Data

Cybersecurity researchers have uncovered a new threat lurking on the Python Package Index (PyPI) repository: a malicious package designed to steal sensitive developer information. This package, named chimera-sandbox-extensions, was downloaded 143 times and likely tricked users of Grab’s “Chimera Sandbox” service. Disguised as a helpful module, its true intent is to pilfer credentials, configuration data, and environment variables, including those related to Jamf, CI/CD pipelines, and AWS.

Upon installation, the malware employs a sophisticated technique, using a domain generation algorithm (DGA) to connect to an external server.

From this server, it downloads an authentication token, which then facilitates the retrieval of a Python-based information stealer. This stealer is a formidable tool, capable of siphoning a wide array of data from compromised systems. This includes Jamf receipts (indicating macOS targeting), Pod sandbox environment tokens, CI/CD variables, Zscaler configurations, and sensitive Amazon Web Services account details.

The breadth of data collected strongly suggests a focus on corporate and cloud infrastructure.

The stolen information is then sent back to the attacker’s domain, where the server seemingly evaluates whether the compromised machine is a valuable target for further exploitation. According to JFrog security researchers, the multi-stage and highly targeted nature of this malware distinguishes it from more common open-source threats, highlighting a concerning advancement in malicious package sophistication. This incident, alongside the recent discovery of malware-laced npm packages like eslint-config-airbnb-compat and solders, underscores the escalating risks in the software supply chain.

Beyond credential theft, the open-source supply chain is also facing a rise in cryptocurrency-related malware, including credential stealers, cryptocurrency drainers, cryptojackers, and clippers. Furthermore, the emergence of AI-assisted coding has introduced a novel threat called slopsquatting. This phenomenon occurs when large language models (LLMs) “hallucinate” plausible but non-existent package names. Malicious actors can then register these names on public registries, creating an opportunity for supply chain attacks if developers or AI agents attempt to install them.

Reference:

  • Malicious PyPI package steals AWS, CI/CD, and macOS data by masquerading as Chimera module.
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityJune 2025
ADVERTISEMENT

Related Posts

Scattered Spider Hits ESXi Servers

Scattered Spider Hits ESXi Servers

July 28, 2025
Scattered Spider Hits ESXi Servers

Malware Hides in Fake Dating Apps

July 28, 2025
Scattered Spider Hits ESXi Servers

Post SMTP Bug Exposes 200K Sites

July 28, 2025
Infostealer Hidden in Steam Game

Sophos, SonicWall Patch Critical RCE Bugs

July 25, 2025
Infostealer Hidden in Steam Game

CastleLoader Uses Clickfix on Windows

July 25, 2025
Infostealer Hidden in Steam Game

Koske Malware Hides in Panda Images

July 25, 2025

Latest Alerts

Post SMTP Bug Exposes 200K Sites

Malware Hides in Fake Dating Apps

Scattered Spider Hits ESXi Servers

CastleLoader Uses Clickfix on Windows

Sophos, SonicWall Patch Critical RCE Bugs

Koske Malware Hides in Panda Images

Subscribe to our newsletter

    Latest Incidents

    Cyberattack Hits French Naval Group

    Tea App Leak Exposes 13K Women Users

    Allianz Life Data Breach Hits Majority

    Hackers Target Amazon’s AI Code Bot

    Infostealer Hidden in Steam Game

    APTs Use Fake Dalai Lama Apps to Spy

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial