According to BlockBeats, on October 12, according to Cointelegraph, researchers from the cybersecurity company Checkmarx have issued an alert about a dangerous malware uploaded to the Python Package Index (PyPI) that steals private keys. According to the company, the malware was automatically uploaded by suspicious users through several different packages, designed to imitate the decoding applications of popular wallets such as MetaMask, Atomic, TronLink, Ronin, and other mainstream products in the industry.
The malware was cleverly embedded into various parts of the software package. Since the malware appeared to be harmless code, it was largely undetectable. However, upon closer inspection, specific parts of the data allowed hackers to take control of cryptocurrency wallets and transfer funds once an unsuspecting user called a specific function embedded in the software package. This attack vector was first discovered by researchers at Checkmarx in March 2024, causing the platform to suspend new projects and new user accounts until the malicious elements were removed (which they eventually were).
Despite Checkmarx and the Python Package Index remaining vigilant and taking swift action to address the issue, the malware reappeared in early October and has reportedly been downloaded more than 3,700 times since then.