This latest attack vector involves several malicious packages disguised as time-related utilities, which are actually designed to steal sensitive information including cloud access tokens, API keys, and other credentials. In February 2025, security researchers identified malicious packages named “deepseeek” and “deepseekai” that similarly collected user data and stole environment variables. Security experts recommend that organizations implement rigorous supply chain security practices, including package verification, network monitoring for suspicious outbound connections, and the use of private package repositories with strict vetting processes. The malicious packages target AWS credentials, environment variables, and other cloud service tokens that could provide attackers with access to sensitive infrastructure. For instance, the malicious package “execution-time-async” closely resembles the legitimate “execution-time” utility that measures code execution time and receives over 27,000 weekly downloads. Upon installation, these packages appear to provide standard time formatting and measurement functionality while secretly executing malicious code in the background. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Several packages are pretending to be "time" related utilities, but are actually used to steal sensitive data like cloud tokens. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Security experts note that the reversed endpoint URL in the code is designed to evade basic security scans.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 14 Mar 2025 08:15:05 +0000