Crypto Stealing Malware Found in Python Package Index – Checkmarx

Researchers at cybersecurity firm Checkmarx have sounded the alarm over a dangerous type of malware uploaded to the Python Package Index (PyPI) — a platform where Python developers download and share code — that steals private keys, mnemonic phrases and other sensitive user data.

According to the organization, the malware was installed automatically, without users' knowledge, as part of various software packages designed to mimic applications of industry-leading wallets such as MetaMask, Atomic, TronLink, Ronin and others.

The malware was cleverly embedded into parts of the software packages, which allowed it to go largely undetected because the code appeared harmless.

An example of an earlier malicious software package uploaded to the Python Package Index platform in March 2024. Source: Checkmarx

But closer inspection revealed that once certain functions included in the software packages were called, the malware allowed hackers to take control of unsuspecting users' cryptocurrency wallets and move funds.

Checkmarx researchers first discovered the attack vector in March 2024, resulting in the platform banning new projects and new user accounts until the malicious elements were removed – which they eventually were.

Despite the careful and swift action of Checkmarx and the Python Package Index to address the problem, the malware returned in early October and has since been downloaded more than 3,700 times.

Malware: The Modern Digital Plague

The malware uploaded to the Python Package Index is concerning, but not unique. In September, cybersecurity firm McAfee Labs discovered sophisticated malware that targets Android smartphones and can steal private keys by scanning images stored on the phone's internal memory.

The malware used technology to extract text from images and was distributed primarily through text message links, which led unsuspecting users to download malicious applications that masqueraded as normal software.

Security specialists from Hewlett-Packard's Wolf Security Group recently revealed that cybercriminals are increasingly using artificial intelligence to create malware, a development that lowers the barrier to creating malicious programs.

Most recently, in October, more than 28,000 users fell victim to malware masquerading as office productivity software and gaming applications. Fortunately, the malware was only able to steal a total of $6,000.
