Investigating a backdoored PyPi package targeting FastAPI applications | allinfosecnews.com

Nov. 23, 2022, midnight |

Datadog Security Labs securitylabs.datadoghq.com

Introduction

FastAPI is a highly popular Python web framework. On November 23rd, 2022, the Datadog Security Labs team identified a third-party utility Python package on PyPI related to FastAPI, fastapi-toolkit, that has been backdoored by a malicious actor. The attacker inserted a backdoor in the package, adding a FastAPI route allowing a remote attacker to execute arbitrary python code and SQL queries in the context of the web application.

While FastAPI itself is not impacted, this is an interesting …

applications fastapi package pypi pypi package targeting

More from securitylabs.datadoghq.com / Datadog Security Labs

Non-Production Endpoints as an Attack Surface in AWS 5 days, 13 hours ago | securitylabs.datadoghq.com

api api endpoints attack attack surface +13

Malicious PyPI packages targeting highly specific MacOS machines 1 week, 3 days ago | securitylabs.datadoghq.com

cluster machines macos malicious +5

Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover 1 month, 2 weeks ago | securitylabs.datadoghq.com

amplify aws disclosure exposed +11

The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more 1 month, 4 weeks ago | securitylabs.datadoghq.com

ages backdoor backdoors cve +9

A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024) 2 months, 1 week ago | securitylabs.datadoghq.com

attacks clusters controls kubecon +8

Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns 2 months, 2 weeks ago | securitylabs.datadoghq.com

aws campaign campaigns cloud +5

Kubernetes security fundamentals: Authentication 3 months, 3 weeks ago | securitylabs.datadoghq.com

authentication fundamentals kubernetes kubernetes security +1

An analysis of a TeamTNT doppelgänger 4 months ago | securitylabs.datadoghq.com

analysis api api endpoints backdoors +7

Tales from the cloud trenches: Amazon ECS is the new EC2 for crypto mining 4 months, 2 weeks ago | securitylabs.datadoghq.com

amazon amazon ecs attacks aws +11

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com