Beware of the malicious chimera-sandbox-extensions package that was uploaded to PyPI by the user chimerai, as it tries to steal credentials and other sensitive information.A targeted attack on a PyPI malicious package: Beware of the malicious chimera-sandbox-extensions PyPI package, as it tries to steal credentials and employs a unique multi-stage targeted payload.

JFrog is a leading provider of DevOps and software distribution solutions, offering tools for artifact management, continuous integration, and binary repositories. Developers can learn about software delivery pipelines, artifact management best practices, and CI/CD automation to accelerate their software delivery process and ensure reliable and secure software releases using JFrog's platform.

JFrog

JFrog Security Research discovered a sophisticated malicious PyPI package called 'chimera-sandbox-extensions' that targets Chimera Sandbox users through a multi-stage attack. The malware uses a domain generation algorithm to connect to command-and-control servers, steals sensitive corporate data including AWS tokens, CI/CD variables, and JAMF configurations, then downloads additional payloads for further exploitation. This targeted attack demonstrates advanced techniques beyond typical package repository threats.

Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users