zCat on Nostr: PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot The ...
PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram.
The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date.
By putting the Python library in quarantine, it prevents further installation by clients and cannot be modified by its maintainers.
Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library's GitHub repository clean in an attempt to evade detection.
See more: https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html
#cybersecurity #supplychainattack #crypto
The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram.
The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date.
By putting the Python library in quarantine, it prevents further installation by clients and cannot be modified by its maintainers.
Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library's GitHub repository clean in an attempt to evade detection.
See more: https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html
#cybersecurity #supplychainattack #crypto