Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Malicious PyPI crypto pay package aiocpa implants infostealer code

Nov. 29, 2024, 11:03 a.m.

Description

ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike typical attacks, the actors published their own crypto client tool to attract users before compromising them through a malicious update. The package appeared legitimate, with multiple versions and good documentation. Machine learning-based threat hunting revealed suspicious obfuscated code in versions 0.1.13 and 0.1.14, designed to exfiltrate sensitive crypto trading information. The incident highlights the growing sophistication of open-source software threats and the need for advanced security tools in development processes.

Date

Published: Nov. 29, 2024, 10:48 a.m.

Created: Nov. 29, 2024, 10:48 a.m.

Modified: Nov. 29, 2024, 11:03 a.m.

Attack Patterns

T1573

T1071

T1040

T1132

T1027

T1059