The PyPI repository containing malicious Python packages are steal sensitive data before sending it to publicly exposed endpoints. The sensitive data includes AWS credentials as well as environment variables. The stolen data is stored in TXT files and uploaded to a PyGrata[.]com domain. The endpoint though wasn’t properly secured, leaving a loophole for the analysts to see what threat actors have stolen.