Home Security PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot

by


Nov 25, 2024Ravie LakshmananSoftware Supply Chain / Malware

The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included malicious code to exfiltrate private keys via Telegram.

The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date.

By putting the Python library in quarantine, it prevents further installation by clients and cannot be modified by its maintainers.

Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library’s GitHub repository clean in an attempt to evade detection.

Cybersecurity

It’s currently not clear if the original developer was behind the rogue update or if their credentials were compromised by a different threat actor.

Signs of malicious activity were first spotted in version 0.1.13 of the library, which included a change to the Python script “sync.py” that’s designed to decode and run an obfuscated blob of code immediately after the package is installed.

Crypto Keys via Telegram Bot

“This particular blob is recursively encoded and compressed 50 times,” Phylum said, adding it’s used to capture and transmit the victim’s Crypto Pay API token using a Telegram bot.

It’s worth noting that Crypto Pay is advertised as a payment system based on Crypto Bot (@CryptoBot) that allows users to accept payments in crypto and transfer coins to users using the API.

The incident is significant, not least because it highlights the importance of scanning the package’s source code prior to downloading them, as opposed to just checking their associated repositories.

“As evidenced here, attackers can deliberately maintain clean source repos while distributing malicious packages to the ecosystems,” the company said, adding the attack “serves as a reminder that a package’s previous safety record doesn’t guarantee its continued security.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex