We identified 147 malicious PyPI packages performing credential theft.

Our automated monitoring system detected 147 typosquatted packages on PyPI that were stealing environment variables, SSH keys, and cloud credentials from developer machines. The packages mimicked popular libraries with subtle name variations and exfiltrated data to attacker-controlled endpoints. We worked with PyPI to remove all identified packages.
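
As an added example (not the monitoring system described above, and not code from PyPI), the following check flags dependency names that sit within a small edit distance of a name the project actually intends to use, which is the "subtle name variation" pattern. The allowlist, the distance threshold, and the lookalike names in the sample are all constructed for illustration.

```python
import re

# Assumed allowlist of names the project really depends on (constructed sample).
KNOWN_GOOD = {"requests", "numpy", "urllib3", "python-dateutil", "boto3", "cryptography"}

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("eu" vs "ue") counts as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def flag_lookalikes(dependencies, known_good=KNOWN_GOOD, max_distance=2):
    """Return {dependency: closest known name} for near-misses of a known name."""
    known = {normalize(k) for k in known_good}
    flagged = {}
    for dep in dependencies:
        n = normalize(dep)
        if n in known:
            continue  # exact match after normalization is the intended package
        # Compare with separators removed so a dropped hyphen scores as distance 0.
        squashed = n.replace("-", "")
        dist, closest = min((osa_distance(squashed, k.replace("-", "")), k) for k in known)
        if dist <= max_distance:
            flagged[dep] = closest
    return flagged

# Constructed sample requirements; the lookalike names are invented for illustration.
SAMPLE = ["requests", "reqeusts", "nunpy", "Python_Dateutil", "pythondateutil", "flask", "boto33"]

if __name__ == "__main__":
    for dep, target in flag_lookalikes(SAMPLE).items():
        print(f"{dep!r} resembles {target!r}: verify before installing")
```

A flagged name is a prompt for manual review, not a verdict: legitimate packages can sit close to an allowlisted name, especially when names are short.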