PyPI Fixes High-Severity Access Control Issues Found in Security Audit
Malicious Ruby Gems and Go modules were discovered impersonating developer tools to steal credentials and compromise CI systems. The packages, published by GitHub account BufferZoneCorp, initially appeared benign but later activated malicious behaviors. These included credential theft, tampering with GitHub Actions, and establishing SSH persistence.
- Malicious packages were published by the GitHub account BufferZoneCorp.
- The packages acted as sleeper agents, appearing harmless before activating malicious code.
- They were designed to steal secrets, tamper with GitHub Actions, and create fake Go wrappers.
- Some packages also enabled SSH persistence to maintain access to compromised systems.
The full article is at Socket.