According to Cointelegraph, researchers at cybersecurity firm Checkmarx have identified a dangerous form of malware uploaded to the Python Package Index (PyPI), the platform Python developers use to download and share code. The malware steals private keys, mnemonic phrases, and other sensitive user data.
The malware was uploaded by a suspicious user in several software packages designed to mimic decoding applications for popular wallets such as MetaMask, Atomic, TronLink, and Ronin. The malicious code was embedded within parts of these packages, and because the code appeared harmless, it went largely undetected.
Checkmarx researchers first discovered this attack vector in March 2024, leading to the suspension of new projects and user accounts on the platform until the malicious elements were removed. Despite these efforts, the malware resurfaced in early October and has reportedly been downloaded more than 3,700 times since.
The issue of malware on the Python developer hub is part of a broader trend. In September, McAfee Labs discovered sophisticated malware targeting Android smartphones, capable of stealing private keys by scanning images stored on a phone’s internal memory. This malware used optical character recognition technology to extract text from images and was spread through text message links, prompting users to download fraudulent applications.
Additionally, Hewlett-Packard’s Wolf Security team revealed that cybercriminals are increasingly using artificial intelligence to create malware, significantly lowering the barrier to entry for creating malicious programs. In October, more than 28,000 users fell victim to malware disguised as office productivity software and gaming applications, although the malware only managed to steal a total of $6,000.