A malicious Python package posing as a harmless add-on for the Chimera sandbox environment, an integrated machine learning experimentation and development tool, is helping threat actors steal sensitive corporate credentials.
According to new research findings from software supply chain and DevOps company JFrog, the package “chimera-sandbox-extensions”, recently uploaded to the popular PyPI repository, contains a stealthy, multi-stage info-stealer.
“The detection of harmful packages, such as chimera-sandbox extensions, on PyPI highlights the significant and widespread risk posed by software supply chain attacks,” said Eric Schwake, director of Cybersecurity Strategy at Salt Security. “The primary threat lies in its ability to collect sensitive developer-related data, including credentials, configuration files, and especially AWS tokens and CI/CD environment variables.”
This poses a direct risk to corporate and cloud infrastructures, enabling attackers to maliciously access and possibly alter or steal large volumes of data through compromised API credentials, Schwake added.
