
Malicious PyPI Packages Stole Cloud Tokens: Over 14,100 Downloads Before Removal

March 15, 2025 | Ravie Lakshmanan | Malware / Supply Chain Security

Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries that masquerade as "time"-related utilities but contain hidden functionality to steal sensitive data such as cloud access tokens.

Software supply chain security company ReversingLabs said it discovered two sets of packages totaling 20 in number. The packages were downloaded over 14,100 times cumulatively:

  • snapshot-photo (2,448 downloads)
  • time-check-server (316 downloads)
  • time-check-server-get (178 downloads)
  • time-server-analysis (144 downloads)
  • time-server-analyzer (74 downloads)
  • time-server-test (155 downloads)
  • time-service-checker (151 downloads)
  • aclient-sdk (120 downloads)
  • acloud-client (5,496 downloads)
  • acloud-clients (198 downloads)
  • acloud-client-uses (294 downloads)
  • alicloud-client (622 downloads)
  • alicloud-client-sdk (206 downloads)
  • amzclients-sdk (100 downloads)
  • awscloud-clients-core (206 downloads)
  • credential-python-sdk (1,155 downloads)
  • enumer-iam (1,254 downloads)
  • tclients-sdk (173 downloads)
  • tcloud-python-sdks (98 downloads)
  • tcloud-python-test (793 downloads)

While the first set refers to packages designed to upload data to the threat actor's infrastructure, the second cluster consists of packages that implement cloud client functionality for several services such as Alibaba Cloud, Amazon Web Services, and Tencent Cloud.


But they also used the "time"-related packages to exfiltrate cloud secrets. All the identified packages have since been removed from PyPI as of writing.

Further analysis has revealed that three of the packages, acloud-client, enumer-iam, and tcloud-python-test, are listed as dependencies of a relatively popular GitHub project called accesskey_tools, which has been forked 42 times and starred 519 times.

[Image: Malicious PyPI packages]

A source code commit referencing tcloud-python-test was made on November 8, 2023, indicating that the package has been available on PyPI since then. The package has been downloaded 793 times to date, per statistics from pepy.tech.

The disclosure comes as Fortinet FortiGuard Labs said it discovered thousands of packages across PyPI and npm, some of which embed suspicious installation scripts designed to deploy malicious code during installation or to communicate with external servers.

"Suspicious URLs are a key indicator of potentially malicious packages, as they are often used to download additional payloads or establish communication with command-and-control (C&C) servers, giving attackers control over infected systems," Jenna Wang said.

"In 974 packages, such URLs are associated with the risk of data exfiltration, further malware downloads, and other malicious actions. It is crucial to scrutinize and monitor external URLs in package dependencies to prevent exploitation."
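The two defensive checks the article points at, a project pulling one of the removed packages in as a dependency and a setup script that reaches out to an external URL at install time, can be automated against a requirements file and a setup.py before anything is installed. The following is an added example, not code from the article, ReversingLabs or Fortinet; the blocklist is the package list above, and both input files are constructed samples embedded inline.

```python
"""Audit a requirements.txt against known-malicious package names and flag
install-time network indicators (hard-coded URLs, cmdclass hooks) in setup.py.
Added example for illustration; not code from the article. The inputs below
are constructed samples, and the URL host example.invalid is a placeholder."""
import ast
import re

# Names of the packages ReversingLabs reported (all since removed from PyPI).
MALICIOUS_PACKAGES = {
    "snapshot-photo", "time-check-server", "time-check-server-get",
    "time-server-analysis", "time-server-analyzer", "time-server-test",
    "time-service-checker", "aclient-sdk", "acloud-client", "acloud-clients",
    "acloud-client-uses", "alicloud-client", "alicloud-client-sdk",
    "amzclients-sdk", "awscloud-clients-core", "credential-python-sdk",
    "enumer-iam", "tclients-sdk", "tcloud-python-sdks", "tcloud-python-test",
}

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def normalize(name):
    """PEP 503 style normalization so acloud_client and Acloud-Client match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return normalized package names from requirements.txt content.
    Comments, blank lines, pip options (-r, --index-url) and version
    specifiers are ignored."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = NAME_RE.match(line)
        if m:
            names.append(normalize(m.group(0)))
    return names


def find_blocklisted(names):
    """Sorted list of dependency names that appear on the blocklist."""
    return sorted(n for n in names if n in MALICIOUS_PACKAGES)


def audit_setup_py(source):
    """Return (kind, detail) findings for a setup.py: every hard-coded URL,
    any cmdclass override passed to setup(), and any class subclassing the
    setuptools install/develop/egg_info commands (where install-time code
    runs). URL hits need human review: project_urls metadata is benign."""
    findings = [("url", u) for u in URL_RE.findall(source)]
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "setup":
            for kw in node.keywords:
                if kw.arg == "cmdclass":
                    findings.append(("cmdclass", ast.unparse(kw.value)))
        elif isinstance(node, ast.ClassDef):
            for base in node.bases:
                if ast.unparse(base).endswith(("install", "develop", "egg_info")):
                    findings.append(("install_hook", node.name))
    return findings


# Constructed sample inputs (not from the article).
SAMPLE_REQUIREMENTS = """\
requests==2.32.0
acloud-client  # cloud helper
enumer_iam>=1.0
-r other.txt
"""

SAMPLE_SETUP_PY = '''\
from setuptools import setup
from setuptools.command.install import install
import urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        urllib.request.urlopen("http://example.invalid/beacon")

setup(name="example-pkg", version="0.1", cmdclass={"install": PostInstall})
'''

if __name__ == "__main__":
    print("blocklisted:", find_blocklisted(parse_requirements(SAMPLE_REQUIREMENTS)))
    for kind, detail in audit_setup_py(SAMPLE_SETUP_PY):
        print(f"{kind:13} {detail}")
```

The AST pass is what catches the pattern Fortinet describes: a subclass of the setuptools install command whose run() fires during pip install, wired in through cmdclass. Running the checks in CI on the lock file and on the sdist of each new dependency, rather than on the developer machine after installation, is the point.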
