Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets
Briefly

Recent findings by JFrog reveal a malicious Python package named 'chimera-sandbox-extensions' masquerading as a safe add-on for the Chimera sandbox environment. This stealthy, multi-stage info-stealer is designed to harvest sensitive corporate data, including developer credentials and CI/CD variables. Eric Schwake, director of Cybersecurity Strategy at Salt Security, emphasizes the substantial risks these harmful packages pose to software supply chains, especially given their capability to compromise critical API credentials, potentially leading to significant breaches in corporate and cloud infrastructures.
The detection of harmful packages, such as chimera-sandbox-extensions, on PyPI highlights the significant and widespread risk posed by software supply chain attacks.
The primary threat lies in its ability to collect sensitive developer-related data, including credentials, configuration files, and especially AWS tokens and CI/CD environment variables.
Read at CSO Online