Sonatype discovered python packages stealing AWS credentials and keys.
According to Sonatype "These packages were discovered by Sonatype's automated malware detection system, offered as a part of Nexus platform products, including Nexus Firewall. On a further review, we deemed these packages malicious and reported them to PyPI."
Following packages were analyzed and identified by Sonatype security researchers Jorge Cardona and Carlos Fernández,
Scripts are uploading collected credentials to multiple endpoints on the pygrata domain. Stolen credentials are exposed to anyone on the web. Sonatype questioned that this could be a legitimate security testing? but there is not much information to rule out this suspecious activity.