A dangerous Python package was recently found on the official Python Package Index (PyPI). It was named chimera-sandbox-extensions and disguised itself as a helpful tool for Chimera Sandbox, a legitimate open-source project used by developers to run AI experiments, especially on macOS. But in reality, this package was malware designed to steal sensitive information from users.
The package was discovered by the security research team at JFrog. As soon as they found out what it was doing, they reported it, and the package was taken down quickly. What stood out to the researchers was that the malware didn’t seem to target everyone, it was clearly aimed at people working in corporate environments, especially developers and DevOps teams using macOS.
As soon as the package was installed, it silently executed hidden code in the background. It used a technique called a Domain Generation Algorithm (DGA) to create and connect to random subdomains under the attacker’s domain, which was hosted on Cloudflare Workers. This connection was used to get a token, which then downloaded the second stage of the malware.
This second stage is where the real damage happened. The malware collected all kinds of sensitive data from the victim’s device. It grabbed AWS tokens, Git configuration files, environment variables used in CI/CD pipelines, Zscaler host details, and even Jamf receipts, which are used for managing Apple devices in enterprise networks. It also collected system info like the public IP address, username, and computer name.
All this stolen data was then sent back to the attacker through a POST request. But the attack didn’t end there. The malware had a smart feature, it allowed the attacker to decide whether or not to infect the system further. If the attacker thought the machine was from a high-value target, they could send more malicious code to do further spying or damage.
This shows that the attackers weren’t just throwing malware around randomly. They were focused on valuable targets, most likely developers, DevOps engineers, and IT staff who have access to important infrastructure and tools. According to JFrog, this kind of targeted approach makes the attack stand out from other open-source threats that usually go after a wide audience.
What makes this attack more dangerous is how well the malicious package was put together. It looked completely normal and could easily fool someone into thinking it was a real part of the Chimera Sandbox project. Developers who weren’t being cautious could have installed it without any red flags.
If you think you’ve installed this package, you should remove it immediately. Then, revoke and rotate any keys, credentials, or tokens used on your system, especially AWS, GitHub, or Jamf-related ones. Also, keep an eye out for unusual activity or processes on your machine.
This incident is another reminder of how serious supply chain attacks are becoming. Just one small fake package can lead to massive security issues. Always double-check packages, especially from public sources like PyPI, and use trusted tools to scan your dependencies.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
