skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Malicious PyPI Package Fabrice Targets AWS Credentials

/ 1 min read

Malicious PyPI package “fabrice” exfiltrates AWS credentials. Cybersecurity researchers have identified a malicious package named “fabrice” on the Python Package Index (PyPI) that has been downloaded over 37,100 times since its release in March 2021. This package typosquats the legitimate library “fabric” and is designed to steal Amazon Web Services (AWS) credentials by executing various payloads based on the operating system. The attack exploits the trust in the original library, targeting both Linux and Windows systems to gain unauthorized access to sensitive cloud resources.