The Hacker News6 天
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Malicious PyPI package set-utils steals Ethereum private keys, exfiltrating them via Polygon RPC to evade detection.
PyPi package with 100K installs pirated music from Deezer for years
A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, ...
Ethereum private key stealer on PyPI downloaded over 1,000 times
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain ...
来自MSN11 个月
PyPI stops signing up new users to try and block malware campaign
Python Package Index (PyPI), the largest repository of Python packages, has once again been forced to suspend new account and new project registrations. Cybersecurity experts from both Checkmarx ...
来自MSN2 个月
AWS keys stolen by malicious PyPI package with thousands of downloads
Researchers discover three-year old malicious package in PyPI The package is a typosquatted version of Fabric, with 37,000 downloads Its goal is to steal AWS login credentials from the developers ...