🚀 Malware Targets Python Package Index, Steals Sensitive Data
#Malware #PythonPackageIndex #PyPI #SensitiveData #Cybersecurity #Checkmarx #MetaMask #TronLink #Ronin #Cybercrime #ArtificialIntelligence #MaliciousSoftware #DataTheft #McAfeeLabs #OpticalCharacterRecognition #HewlettPackard #WolfSecurity
According to Cointelegraph, researchers at the Checkmarx cybersecurity firm have identified a dangerous form of malware uploaded to the Python Package Index (PyPI). This platform, used by Python developers to download and share code, has been compromised by malware that steals private keys, mnemonic phrases, and other sensitive user data.
The malware was uploaded by a suspicious user in several software packages designed to mimic decoding applications for popular wallets such as MetaMask, Atomic, TronLink, and Ronin. The malicious software was embedded within parts of these packages, allowing it to go largely undetected due to its seemingly harmless code.
Checkmarx researchers first discovered this attack vector in March 2024, leading to the suspension of new projects and user accounts on the platform until the malicious elements were removed. Despite these efforts, the malware resurfaced in early October and has reportedly been downloaded more than 3,700 times since.
The issue of malware on the Python developer hub is part of a broader trend. In September, McAfee Labs discovered sophisticated malware targeting Android smartphones, capable of stealing private keys by scanning images stored on a phone’s internal memory. This malware used optical character recognition technology to extract text from images and was spread through text message links, prompting users to download fraudulent applications.
Additionally, Hewlett-Packard’s Wolf Security team revealed that cybercriminals are increasingly using artificial intelligence to create malware, significantly lowering the barrier to entry for creating malicious programs. In October, more than 28,000 users fell victim to malware disguised as office productivity software and gaming applications, although the malware only managed to steal a total of $6,000.
🚀 Supply Chain Attack Targets PyPI Package LiteLLM with Malicious Code
#SupplyChainAttack #PyPI #LiteLLM #MaliciousCode #CyberSecurity #DataBreach #CloudSecurity #Kubernetes #CryptoSecurity #CI_CD #DatabaseSecurity
A recent supply chain attack has compromised the PyPI package LiteLLM, which is downloaded approximately 97 million times monthly. According to NS3.AI, the malicious version of the package was designed to steal sensitive information, including SSH keys, cloud credentials, Kubernetes files, git credentials, environment variables, cryptocurrency wallets, SSL private keys, CI/CD keys, and database passwords. The attack was short-lived, as the malicious code was available for less than an hour. A bug in the implant led to developer Callum McMahon's machine running out of memory and crashing, inadvertently revealing the attack.
🚀 Malicious LiteLLM Versions on PyPI Downloaded Nearly 47,000 Times in 46 Minutes
#LiteLLM #PyPI #MaliciousVersions #CyberAttack #NS3AI #FutureSearch #PythonSecurity #WalletFiles #Solana #CloudCredentials #TransitiveDependencies #SecurityThreat
Attackers released two harmful versions of LiteLLM on the Python Package Index (PyPI) on March 24. According to NS3.AI, FutureSearch reported that these versions were downloaded 46,996 times within just 46 minutes. Version 1.82.8 included a .pth file that executed with every Python startup. The payload was designed to search for wallet files, Solana validator data, and cloud credentials. LiteLLM advised that installations made during this period, which involved unpinned transitive dependencies, should be considered potentially compromised.
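The .pth behaviour reported for version 1.82.8 relies on Python's site module, which executes any .pth line that begins with `import` at interpreter startup. The audit script below is an added example, not code from LiteLLM, NS3.AI or FutureSearch; it lists such lines in the local site-packages directories, and its token list and sample text are constructed assumptions.

```python
import os
import site
import sysconfig

# Heuristic tokens: an assumption of this example, not taken from the reported payload.
SUSPICIOUS = ("exec(", "eval(", "compile(", "base64", "subprocess", "socket", "urllib")
# Constructed sample .pth content (never executed here, only parsed).
SAMPLE = (
    "# constructed sample\n./src\n"
    "import _virtualenv\n"
    "import base64; exec(base64.b64decode('PLACEHOLDER'))\n"
)

def executable_lines(pth_text):
    """Return (lineno, line) for each line the site module would exec at startup."""
    hits = []
    for n, line in enumerate(pth_text.splitlines(), 1):
        # site.py executes only lines starting with "import " or "import\t";
        # every other non-comment, non-blank line is treated as a path entry.
        if line.startswith(("import ", "import\t")):
            hits.append((n, line.rstrip()))
    return hits

def classify(line):
    """'suspicious' if an executed line contains a heuristic token, else 'review'."""
    return "suspicious" if any(tok in line for tok in SUSPICIOUS) else "review"

def site_dirs():
    """Existing site-packages directories of the running interpreter."""
    paths = sysconfig.get_paths()
    dirs = {paths["purelib"], paths["platlib"], site.getusersitepackages()}
    dirs.update(getattr(site, "getsitepackages", list)())
    return sorted(d for d in dirs if os.path.isdir(d))

def audit(dirs):
    """Return (path, lineno, verdict, line) for executable .pth lines under dirs."""
    findings = []
    for d in dirs:
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                path = os.path.join(d, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for n, line in executable_lines(fh.read()):
                        findings.append((path, n, classify(line), line[:120]))
    return findings

if __name__ == "__main__":
    for path, n, verdict, line in audit(site_dirs()):
        print(f"{verdict:10} {path}:{n}: {line}")
```

Legitimate tools also ship `.pth` files with `import` lines (virtualenv's `_virtualenv.pth` is one), so a `review` verdict means the line should be inspected, not that the environment is compromised.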