Python Crypto Library Updated to Steal Private Keys

Nov. 26, 2024, 9:35 p.m.

Description

Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library.

External References

https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/
https://otx.alienvault.com/pulse/6746355aea9742cbe45cf36e
Tags
pypi
telegram
crypto
2024-11-26
aiocpa

Date

  • Created: Nov. 26, 2024, 8:53 p.m.
  • Published: Nov. 26, 2024, 8:53 p.m.
  • Modified: Nov. 26, 2024, 9:35 p.m.

Indicators

  • c43148103e24a16d59896d6db395ed66a2cd5772ff308dfea10aa36b7f433589
  • 556bfea997880f1365d3822d26ea57e2cfaecb231128ea1e7e50ad1f778147bb
  • 6f435a3f209c09d8f7cf180f759a5faa2ff215edc1afce2cd62078574bb70c69
  • ad9f5183aa8d792ed1bc991ab3ac9b0cd4160fd9276071a7e63e7d7b4e3481b8

Attack Patterns

  • T1059.006
  • T1567
  • T1102
  • T1195