Dangerous Malware Discovered in Python Code Repository, Stealing Crypto
Cybersecurity firm Checkmarx has flagged dangerous malware hidden in the Python Package Index (PyPI), a platform where developers share Python code. This malware is designed to steal sensitive data like private keys and recovery phrases used in cryptocurrency wallets.
How Hackers Tricked Users
An unknown user uploaded the malware inside several software packages that posed as legitimate tools for wallets like MetaMask, TronLink, and Atomic. The malware was hidden within the packages' code, making it hard to detect.
Once users interacted with certain features in these infected packages, hackers could access their wallets and steal their funds. The issue was first spotted in March 2024, prompting PyPI to temporarily stop new uploads while it cleaned up the malicious code.
Malware Comes Back
Even after the malware was removed, it resurfaced in October and has been downloaded more than 3,700 times. This puts crypto users at risk, as they unknowingly download these harmful packages.
Growing Malware Problem
This is just one example of how widespread malware is becoming. McAfee Labs recently found malware targeting Android phones, capable of stealing private keys from images. Meanwhile, Hewlett-Packard’s Wolf Security team revealed that hackers are using AI to create malware more easily.
In another case, over 28,000 people were tricked into downloading malware disguised as office software and gaming apps, though the malware stole only $6,000.