PANews reported on October 12 that, according to Cointelegraph, researchers at cybersecurity company Checkmarx have issued an alert about dangerous malware uploaded to the Python Package Index (PyPI) that steals private keys. According to the company, the malware is uploaded automatically by suspicious users across several different software packages designed to imitate decoding applications for popular wallets such as MetaMask, Atomic, TronLink, Ronin, and other mainstream products in the industry. The malicious code is cleverly embedded in various parts of each package. Because it appears to be harmless code, it is basically undetectable. On closer inspection, however, once an unsuspecting user calls a specific function embedded in the package, a specific part of the data allows hackers to take control of the cryptocurrency wallet and transfer funds.
This attack vector was first discovered by Checkmarx researchers in March 2024, causing the platform to suspend new projects and new user accounts until the malicious elements were removed (which they eventually were). Although Checkmarx and the Python Package Index remained vigilant and acted quickly to address the issue, the malware reappeared in early October and has reportedly been downloaded more than 3,700 times since then.