Hackers Infiltrate PyPI Repositories with Weaponized Packages to Steal AWS Tokens and Sensitive Data

Open-source software repositories such as the Python Package Index (PyPI) are integral to modern software development, enabling developers worldwide to seamlessly integrate third-party libraries into their projects.

However, the growing reliance on these repositories has made them a lucrative attack vector for cybercriminals aiming to compromise software supply chains.

According to the report, the JFrog Security Research team has exposed a highly sophisticated malicious package, “chimera-sandbox-extensions,” that was surreptitiously uploaded to PyPI and designed to exfiltrate sensitive enterprise credentials, including AWS tokens, CI/CD secrets, and JAMF configuration data.

Supply Chain Under Siege

The malicious package, attributed to a user “chimerai,” was engineered to specifically target users and organizations utilizing the “chimera-sandbox” environment. Upon installation and execution, the package initiates a multi-stage attack.

[Figure: chimera-sandbox-extensions project page on PyPI]

Its initial payload leverages a custom Domain Generation Algorithm (DGA) implemented in Python to produce a set of pseudorandom subdomains under the “chimerasandbox.workers.dev” domain.

This DGA is seeded and consistently generates ten unique subdomains per session. It is designed to evade traditional static detection mechanisms and to keep the attacker’s command-and-control infrastructure resilient and difficult to dismantle.

At runtime, the package’s primary function, check_update(), systematically iterates through the generated domains in search of an active endpoint.

Once a live subdomain is identified, the malware authenticates itself and retrieves a secondary, Python-based payload designed for credential theft.
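A detection example for the lookup behaviour described above, added here and not taken from the package or from JFrog's report: it matches on the parent zone instead of individual generated hostnames and groups hits by client. The log format, the subdomain labels and the threshold of three distinct names are assumptions made for illustration.

```python
from collections import defaultdict

# Parent zone named in the article; the generated hosts all sit beneath it.
PARENT_ZONE = "chimerasandbox.workers.dev"

# Constructed resolver log: "<timestamp> <client IP> <queried name>".
# Subdomain labels are invented placeholders, not real indicators.
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.4.17 pypi.org
2025-01-01T10:00:02Z 10.0.4.17 label-01.chimerasandbox.workers.dev
2025-01-01T10:00:02Z 10.0.4.17 label-02.chimerasandbox.workers.dev.
2025-01-01T10:00:03Z 10.0.4.17 LABEL-03.ChimeraSandbox.workers.dev
2025-01-01T10:00:05Z 10.0.9.30 notchimerasandbox.workers.dev
2025-01-01T10:00:06Z 10.0.9.30 chimerasandbox.workers.dev.example.org
2025-01-01T10:00:07Z 10.0.5.21 label-01.chimerasandbox.workers.dev
malformed line
"""


def under_zone(name, zone=PARENT_ZONE):
    """True if name is the zone itself or a subdomain of it (label-aligned)."""
    name = name.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def dga_lookups(log_text, zone=PARENT_ZONE):
    """Map each client IP to the distinct names it queried under the zone."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname = fields
        if under_zone(qname, zone):
            hits[client].add(qname.rstrip(".").lower())
    return dict(hits)


def triage(hits, sweep_threshold=3):
    """'sweep' = several distinct names, consistent with iterating the list.
    The threshold of 3 is an assumption; any hit deserves investigation."""
    return {client: "sweep" if len(names) >= sweep_threshold else "single"
            for client, names in hits.items()}


if __name__ == "__main__":
    for client, label in sorted(triage(dga_lookups(SAMPLE_LOG)).items()):
        print(client, label)
```

Matching on the label boundary keeps look-alike names such as `notchimerasandbox.workers.dev` out of the results, while trailing dots and mixed case in the log do not hide a hit.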

This payload operates as an advanced infostealer, harvesting a wide array of sensitive information from the host system.

Targeted Attacks Exfiltrate Cloud

Specifically, it seeks out AWS tokens, JAMF receipts, Pod sandbox authentication tokens, CI/CD environment variables, Zscaler configurations, and additional host metadata.

This approach represents a shift from opportunistic data theft to highly targeted exfiltration of information critical to enterprise security and cloud operations.

Exfiltrated data is encoded in a structured JSON format and transmitted to the attacker-controlled infrastructure via HTTPS POST requests.

The server, upon successful receipt and validation of the stolen information, retains the ability to deploy additional payloads for further exploitation, although the captured samples terminated execution after data exfiltration, leaving the possibility of subsequent attacks open.

JFrog’s security team acted swiftly upon discovery, utilizing automated monitoring tools to analyze anomalous behaviors within PyPI repositories.

After confirming the malicious nature of “chimera-sandbox-extensions,” researchers immediately notified PyPI maintainers, leading to the rapid removal of the package from the repository and mitigating further risk to the developer community.

This incident underscores the escalating threat posed by weaponized open-source packages and the critical need for continuous vigilance, automated repository monitoring, and rapid incident response within the software supply chain.

It also highlights a remarkable increase in the sophistication of attacks, where adversaries deploy mechanisms such as dynamic DGAs, multi-stage payload delivery, and cloud-targeted infostealers.

Organizations are urged to implement rigorous supply chain security measures, regularly audit their dependencies, and maintain an active security posture to defend against emerging threats in the open-source ecosystem.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
