Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries.
The package in question is set-utils, which has received 1,077 downloads to date. It’s no longer available for download from the official registry.
“Disguised as a simple utility for Python sets, the package mimics widely used libraries like python-utils (712M+ downloads) and utils (23.5M + downloads),” software supply chain security company Socket said.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“This deception tricks unsuspecting developers into installing the compromised package, granting attackers unauthorized access to Ethereum wallets.”
The package aims to target Ethereum developers and organizations working with Python-based blockchain applications, particularly Python-based wallet management libraries like eth-account.
Besides embedding the attacker’s RSA public key to be used for encrypting the stolen data and an Ethereum sender account under their control, the library hooks into wallet creation functions like “from_key()” and “from_mnewmonic()” to intercept private keys as they are generated on the compromised machine.
In an interesting twist, the private keys are exfiltrated within blockchain transactions via the Polygon RPC endpoint “rpc-amoy.polygon.technology” in an attempt to resist traditional detection efforts that monitor for suspicious HTTP requests.
“This ensures that even when a user successfully creates an Ethereum account, their private key is stolen and transmitted to the attacker,” Socket said. “The malicious function runs in a background thread, making detection even more difficult.”
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website