Cybersecurity researchers identified a malicious package named chimera-sandbox-extensions on PyPI, intended to gather sensitive information from developers. This package disguises itself as a helper for Chimera Sandbox, a service from Grab. It targets corporate environments by stealing data like AWS tokens, CI/CD variables, and Jamf receipts from compromised devices. Once installed, it connects to a domain generated through a domain generation algorithm to exfiltrate the gathered information. The malware primarily aims at users of machine learning development tools, posing a significant risk to cloud infrastructure and macOS systems.
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox.