-= Per source details. Do not edit below this line.=-
Attack targeted at users of Alibaba, AWS and Telegram via malicious packages published to PyPI.
The malicious code was hidden in strategically chosen functions and would only trigger when these functions were called. It does not run automatically on install or import, which helps the packages evade detection that only observes install-time or import-time behavior.
{ "iocs": { "urls": [ "https://api.aliyun-sdk-requests.xyz/tencent", "https://api.aliyun-sdk-requests.xyz/aliyun", "https://api.aliyun-sdk-requests.xyz/aws", "https://tg.aliyun-sdk-requests.xyz/telegram" ] }, "malicious-packages-origins": [ { "modified_time": "2023-10-13T03:23:13Z", "import_time": "2023-10-13T03:24:19.496576701Z", "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ], "source": "google-open-source-security", "sha256": "456242a426a17eeaca869a5f00ee2f02d837dec5bba7da9240b6bec77c0ae8a8" } ] }