{"id":1580167,"date":"2025-03-15T05:48:15","date_gmt":"2025-03-15T07:48:15","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-packages-pypi-malveillants-ont-vole-des-jetons-nuageux-sur-14-100-telechargements-avant-le-retrait\/"},"modified":"2025-03-15T05:48:19","modified_gmt":"2025-03-15T07:48:19","slug":"les-packages-pypi-malveillants-ont-vole-des-jetons-nuageux-sur-14-100-telechargements-avant-le-retrait","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-packages-pypi-malveillants-ont-vole-des-jetons-nuageux-sur-14-100-telechargements-avant-le-retrait\/","title":{"rendered":"Les packages PYPI malveillants ont vol\u00e9 des jetons nuageux &#8211; sur 14 100 t\u00e9l\u00e9chargements avant le retrait"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">15 mars 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">  S\u00e9curit\u00e9 de logiciels malveillants \/ de la cha\u00eene d&#8217;approvisionnement<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Les-packages-PYPI-malveillants-ont-vole-des-jetons-nuageux.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Les chercheurs en cybers\u00e9curit\u00e9 ont mis en garde contre une campagne malveillante ciblant les utilisateurs du r\u00e9f\u00e9rentiel Python Package Index (PYPI) avec des biblioth\u00e8ques fausses d\u00e9guis\u00e9es comme des utilitaires li\u00e9s \u00e0 &#8220;temps&#8221;, mais en h\u00e9bergeant des fonctionnalit\u00e9s cach\u00e9es pour voler des donn\u00e9es sensibles telles que les jetons d&#8217;acc\u00e8s cloud.<\/p>\n<p>Soci\u00e9t\u00e9 de s\u00e9curit\u00e9 de la cha\u00eene d&#8217;approvisionnement REVERSINGLABS <a rel=\"noopener nofollow\" href=\"https:\/\/x.com\/ReversingLabs\/status\/1900198602242204003\" target=\"_blank\">dit<\/a> Il a d\u00e9couvert deux ensembles de packages totalisant 20 d&#8217;entre eux. Les packages ont \u00e9t\u00e9 t\u00e9l\u00e9charg\u00e9s cumulativement plus de 14 100 fois &#8211;<\/p>\n<ul>\n<li>Snapshot-Photo (2 448 t\u00e9l\u00e9chargements)<\/li>\n<li>Time-Check-Server (316 t\u00e9l\u00e9chargements)<\/li>\n<li>Time-Check-Server-get (178 t\u00e9l\u00e9chargements)<\/li>\n<li>Analyse temporelle (144 t\u00e9l\u00e9chargements)<\/li>\n<li>Time-Server-Analyzer (74 t\u00e9l\u00e9chargements)<\/li>\n<li>Test-serveur (155 t\u00e9l\u00e9chargements)<\/li>\n<li>Time-Service-Checker (151 t\u00e9l\u00e9chargements)<\/li>\n<\/ul>\n<ul>\n<li>ACLIENT-SDK (120 t\u00e9l\u00e9chargements)<\/li>\n<li>ACloud-Client (5 496 t\u00e9l\u00e9chargements)<\/li>\n<li>acloud-Clients (198 t\u00e9l\u00e9chargements)<\/li>\n<li>ACLOUD-CLIENT-USES (294 t\u00e9l\u00e9chargements)<\/li>\n<li>Alicloud-Client (622 t\u00e9l\u00e9chargements)<\/li>\n<li>Alicloud-Client-Sdk (206 t\u00e9l\u00e9chargements)<\/li>\n<li>AmzClients-sdk (100 t\u00e9l\u00e9chargements)<\/li>\n<li>Awscloud-Clients-core (206 t\u00e9l\u00e9chargements)<\/li>\n<li>Prise de identification-python-sdk (1 155 t\u00e9l\u00e9chargements)<\/li>\n<li>Enumer-IAM (1 254 t\u00e9l\u00e9chargements)<\/li>\n<li>TCIENTS-SDK (173 t\u00e9l\u00e9chargements)<\/li>\n<li>tcloud-python-sdks (98 t\u00e9l\u00e9chargements)<\/li>\n<li>Tcloud-Python-Test (793 t\u00e9l\u00e9chargements)<\/li>\n<\/ul>\n<p>Bien que le premier ensemble se rapporte aux packages utilis\u00e9s pour t\u00e9l\u00e9charger des donn\u00e9es sur l&#8217;infrastructure de l&#8217;acteur de menace, le deuxi\u00e8me cluster se compose de packages impl\u00e9mentant les fonctionnalit\u00e9s du client cloud pour plusieurs services comme Alibaba Cloud, Amazon Web Services et Tencent Cloud. <\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/cis-securesuite\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/1740818990_705_Mozilla-met-a-jour-les-termes-de-Firefox-apres-le.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Mais ils ont \u00e9galement utilis\u00e9 des packages li\u00e9s \u00e0 &#8220;Time&#8221; pour exfiltrer les secrets de cloud. Tous les packages identifi\u00e9s ont d\u00e9j\u00e0 \u00e9t\u00e9 supprim\u00e9s de PYPI comme \u00e9crivant.<\/p>\n<p>Une analyse plus approfondie a r\u00e9v\u00e9l\u00e9 que trois des packages, <a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/kohlersbtuh15\/accesskey_tools\/blob\/main\/aliyun\/requirements.txt\" target=\"_blank\">acloud-client<\/a>, <a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/kohlersbtuh15\/accesskey_tools\/blob\/main\/aws\/requirements.txt\" target=\"_blank\">Enumer-IAM<\/a>et <a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/kohlersbtuh15\/accesskey_tools\/blob\/main\/tencentcloud\/requirements.txt\" target=\"_blank\">tcloud-python-test<\/a>a \u00e9t\u00e9 r\u00e9pertori\u00e9 comme les d\u00e9pendances d&#8217;un projet Github relativement populaire nomm\u00e9 <a rel=\"noopener nofollow\" href=\"https:\/\/github.com\/kohlersbtuh15\/accesskey_tools\" target=\"_blank\">AccessKey_Tools<\/a> Cela a \u00e9t\u00e9 fourchu 42 fois et a jou\u00e9 519 fois.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/1742024895_51_Les-packages-PYPI-malveillants-ont-vole-des-jetons-nuageux.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/1742024895_51_Les-packages-PYPI-malveillants-ont-vole-des-jetons-nuageux.png\" alt=\"Packages PYPI malveillants\" border=\"0\" data-original-height=\"788\" data-original-width=\"1339\" title=\"Packages PYPI malveillants\"\/><\/a><\/div>\n<p>Un test de code source r\u00e9f\u00e9ren\u00e7ant le Tcloud-Python-Test a \u00e9t\u00e9 fait le 8 novembre 2023, indiquant que le package est disponible en t\u00e9l\u00e9chargement sur PYPI depuis lors. Le package a \u00e9t\u00e9 t\u00e9l\u00e9charg\u00e9 793 fois \u00e0 ce jour, selon les statistiques de Pepy.tech.<\/p>\n<p>La divulgation survient alors que Fortinet Fortiguard Labs a d\u00e9clar\u00e9 avoir d\u00e9couvert des milliers de packages \u00e0 travers le PYPI et le NPM, dont certains ont \u00e9t\u00e9 trouv\u00e9s pour int\u00e9grer des scripts d&#8217;installation suspects con\u00e7us pour d\u00e9ployer du code malveillant lors de l&#8217;installation ou communiquer avec des serveurs externes.<\/p>\n<p>&#8220;Les URL suspectes sont un indicateur cl\u00e9 de packages potentiellement malveillants, car ils sont souvent utilis\u00e9s pour t\u00e9l\u00e9charger des charges utiles suppl\u00e9mentaires ou \u00e9tablir une communication avec les serveurs de commandement et de contr\u00f4le (C&#038;C), donnant aux attaquants le contr\u00f4le des syst\u00e8mes infect\u00e9s&#8221;, Jenna Wang <a rel=\"noopener nofollow\" href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/fortinet-identifies-malicious-packages-in-the-wild-insights-and-trends\" target=\"_blank\">dit<\/a>.<\/p>\n<p>&#8220;Dans 974 packages, ces URL sont li\u00e9es au risque d&#8217;exfiltration de donn\u00e9es, \u00e0 d&#8217;autres t\u00e9l\u00e9chargements de logiciels malveillants et \u00e0 d&#8217;autres actions malveillantes. Il est crucial de examiner et de surveiller les URL externes dans les d\u00e9pendances de package pour emp\u00eacher l&#8217;exploitation.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/03\/malicious-pypi-packages-stole-cloud.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80215 mars 2025\ue804Ravie Lakshmanan S\u00e9curit\u00e9 de logiciels malveillants \/ de la cha\u00eene d&#8217;approvisionnement Les chercheurs en cybers\u00e9curit\u00e9 ont mis en garde contre une campagne malveillante ciblant les utilisateurs du r\u00e9f\u00e9rentiel Python Package Index (PYPI) avec des biblioth\u00e8ques fausses d\u00e9guis\u00e9es comme des utilitaires li\u00e9s \u00e0 &#8220;temps&#8221;, mais en h\u00e9bergeant des fonctionnalit\u00e9s cach\u00e9es pour voler des donn\u00e9es [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1580168,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,292,4168,79002,274264,4161,274263,6124,133,50440,65,4590,274267,4160,45451,249,7309,69497,4932,238617,246491,4172,60,67468,79016,4166,1661,4164],"class_list":["post-1580167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-avant","tag-comment-pirater","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-des","tag-jetons","tag-les","tag-malveillants","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nuageux","tag-ont","tag-packages","tag-pypi","tag-retrait","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-sur","tag-telechargements","tag-the-hacker-news","tag-violation-de-donnees","tag-vole","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1580167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1580167"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1580167\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1580168"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1580167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1580167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1580167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}