Hackers hijack Python packages once again to spread dangerous malware

Hackers are once again targeting Python developers involved in the blockchain industry in an attempt to distribute malware and steal tokens.

A new report from cybersecurity researchers at Checkmarx outlines how they observed an account on PyPI uploading multiple packages within a very short timeframe.

This unnamed individual uploaded a handful of packages with similar names: “AtomicDecoderss”, “TrustDecoderss”, “WalletDecoderss”, and more. The packages are presented as tools for decoding and managing data from different cryptocurrency wallets. On the surface, they look like super useful tools, especially for people in need of crypto wallet recovery, or management.

Malicious intent

Depending on the name, the packages are designed for separate wallets: Atomic, Trust Wallet, MetaMask, Ronin, Exodus, TronLink, and others. The ones mentioned here are some of the most popular wallets out there, especially MetaMask and Atomic.

Their true purpose, however, is malicious – they work in the background to grab additional code from dependencies, which is built to steal cryptocurrency wallet data such as private keys and mnemonic phrases. This data is used to load a wallet into a new app, essentially allowing crooks to manage the money as they see fit.

The packages were also designed with plenty of obfuscation in mind, the researchers explained in the press release: “This strategic use of dependencies allowed the main packages to appear harmless while harboring malicious intent in their underlying components.”

Checkmarx doesn’t know how many people were affected by the attack, but urged everyone to stay vigilant, especially when grabbing content from major repositories who are often targeted.

PyPI is short for Python Package Index, and serves as a repository for Python software packages. It is a central hub where Python developers can upload, share, and install software libraries and tools, and widely considered as the most popular platform of its kind.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/xXaZ3Lb4ZEejUv9ipwK3ha-1200-80.jpg

Source link

Quordle hints and answers for Thursday, April 2 (game #1529)

NYT Connections hints and answers for Thursday, April 2 (game #1026)

NYT Strands hints and answers for Thursday, April 2 (game #760)

The Super Mario Galaxy Movie receives a worse rating than its predecessor, as critics call it ‘a bland screensaver that’s worse than AI’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

$20M and Nothing to Prove

Batman Officially Names DC’s 3 Most Evil Villains

New Sci-Fi Masterpiece Quickly Defeats Dwayne Johnson’s Franchise-Ending Superhero Bomb

Save 50% Off the Matte Black Dark Plates 2.0 Cover Replacement for PlayStation 5 Slim

AI ‘slop’ is flooding YouTube Kids—and more than 200 groups and experts are calling for a ban

Form DEF 14A RAYONIER INC. For: 1 April

The SpaceX IPO is great — but it won’t deliver 100x returns

Wheaton Precious Metals acquires gold, silver stream on Jervois

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Hackers hijack Python packages once again to spread dangerous malware

$20M and Nothing to Prove

AI ‘slop’ is flooding YouTube Kids—and more than 200 groups and experts are calling for a ban

Batman Officially Names DC’s 3 Most Evil Villains

Form DEF 14A RAYONIER INC. For: 1 April