Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials
July 27, 2024 at 02:00AM Cybersecurity researchers found a malicious package “lr-utils-lib” on the Python Package Index, targeting specific Apple macOS systems to steal Google Cloud credentials. It checks for macOS, compares UUID against hardcoded hashes, and harvests Google Cloud data. The captured info is sent to a remote server. Social engineering tactics suggest a … Read more