
Malicious PyPI Package Steals Data via Trojanized AI Proxy

Severity: High (Score: 61.5)

Sources: Gbhackers, Cybersecuritynews

Summary

A malicious Python package named hermes-px has been identified on the Python Package Index (PyPI), disguised as a 'Secure AI Inference Proxy.' The package claims to route AI requests through the Tor network to protect user anonymity. In reality, it hijacks a private Tunisian university's internal AI endpoint and exfiltrates sensitive user prompts, including a stolen prompt from Anthropic's Claude AI system. The data is collected covertly while users believe they are using a secure service. The full scope of the impact is still being assessed, but the incident raises significant concerns about the security of third-party packages in the Python ecosystem. As of now, no patches or mitigation strategies have been reported for this specific threat.

Key Points:

  • The hermes-px package on PyPI masquerades as a secure AI tool but steals user data.
  • It hijacks a Tunisian university's AI endpoint and exfiltrates sensitive prompts.
  • No patches or mitigation strategies have been reported for this malicious package.

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Trojan (attack_type)
  • Hermes-px (malware)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • Anthropic Claude (platform)
  • PyPI (platform)
  • Tor (platform)
  • Tor Network (platform)