Cybersecurity researchers at Socket Security have discovered a malicious Python package called "Fabrice" on PyPI, which has been covertly stealing AWS credentials from developers for three years. The malware, downloaded over 37,000 times since 2021, mimics the legitimate "fabric" library, a popular tool for SSH command execution with over 202 million downloads. This deception, known as typosquatting, relies on users accidentally typing "Fabrice" instead of "fabric," thereby unknowingly installing the malicious package. Continue here.
If you do need a website security audit or your business needs a red team for real life attack simulation, please Contact us. We would give you the best in quality and the most affordable you would get on the market place. Enjoy our 100% refundable deals. You can’t loose let’s talk about your project.
Kindly reach out on WhatsApp directly and let’s make this decision your most important and best investment post 3 years.
Disclaimer: Full credit to the writer, and the associates.