exotel
exotel PyPI package compromised via phishing.
The PyPI account for the exotel package maintainer was compromised during the JuiceLedger phishing campaign. Attackers uploaded version 0.1.6 with installation code that downloaded and executed infostealer malware, making a niche Python client a clean-looking vessel for credential theft across developer workstations.
- Date: 2022-08-01 to 2022-08-31
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Data Exfiltration
- Cause: Compromised Account/Credentials
What Was Affected
Package: exotel
Language: Python
Component: Library
Artifact type: source archive
Domain type: package host
Domain: pypi.org
Repository: github.com/exotel/exotel-python
Compromised Versions
Incident Context
- Motive: Credential Theft
- Attribution: Cybercriminal Gang
- Transitive: No
- User Impact: 480000
- Observed Duration: 30 days
Evidence
Compromised Artifacts
- pypi.org/project/exotel/0.1.6
- files.pythonhosted.org/packages/00/11/8be2e89e8e27dcd7fb53ea71c47a4bf99c5bec48c8d4ab7d6eeb1fc47c3/exotel-0.1.6.tar.gz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:fbb13333b05eaab13d5d4810f92dbd5dfc4c25cf14e4471c6352b046c6653b6f
- sha256:60434af3ebe924efabc96558e6c8d8176bf4eb06dd6cc47b4c491da9964be874
- sha256:8e97c6883e7af5cc1f88ac03197d62298906ac4a35a789d94cc9fde45ee7ea13
External References
Source Data
Source record: oss/exotel/meta.yaml