Researchers at the Checkmarx cybersecurity firm sounded the alarm on a dangerous form of malware uploaded to the Python Package Index (PyPI) — a platform for Python developers to download and ...

Attackers uploaded fake Python packages to PyPI that posed as Bitcoinlib tools and targeted wallet data. The malware infected crypto development environments, stole private keys and seed phrases ...

Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.

Despite the vigilance and quick action of Checkmarx and the Python Package Index to address the issue, the malware returned in early October and has reportedly been downloaded more than 3,700 ...