
Malicious PyPI crypto pay package aiocpa implants infostealer code

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with multiple versions and good documentation. Machine learning-based threat hunting revealed suspicious obfuscated code in versions 0.1.13 and 0.1.14, designed to exfiltrate sensitive crypto trading information. The incident highlights the growing sophistication of open-source software threats and the need for advanced security tools in development processes.

OPENCTI LABELS :

infostealer, obfuscation, cryptocurrency, pypi, software supply chain, machine learning, threat hunting

