As Wu said, checkmarx discovered that malicious actors distributed malicious dependencies on fake Python infrastructure, deploying a fake Python package image. Victims include a topgg contributor whose 170,000+ member topgg community code repository was affected by the attack. The malware searches browsers, Telegram, computers and steals sensitive data; it searches specific directories associated with cryptocurrency wallets and attempts to steal wallet-related files. The stolen wallet data is compressed into ZIP files and uploaded to the attacker's server. .
See original
Malicious actors distribute fake Python package images to steal cryptocurrency wallet data
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.
Replies 1