Skip to content

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

  • by

​Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services (AWS) credentials.
The package in question is “fabrice,” which typosquats a popular Python library known as “fabric,” which is designed to execute shell commands remotely over Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers’ Amazon Web Services (AWS) credentials.
The package in question is “fabrice,” which typosquats a popular Python library known as “fabric,” which is designed to execute shell commands remotely over  The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *