Sonatype researchers have discovered Python packages containing malicious code that reads and exposes secret AWS certificates, network interface information, and environment variables.
All of these certificates and metadata are then uploaded to one or more endpoints, where they are visible to anyone on the web. Browsing at the directory level displays hundreds of TXT files that contain sensitive and private information.
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, explains the situation in more detail.