Cybersecurity researchers have discovered a malicious Python package on Python Package (Pypi) repository, which is equipped for the theft of Ethereum victim’s private keys, giving themselves to popular libraries.
The package in question A set of-usersreceived 1077 boot Today. This is no longer available to download from the official registry.
“Cutting into a simple Python set utility, a package imitates widely used libraries such as Python-Utils (712m + boot) and utilities (23.5 m + boot),” “Software safety outlet – Note.
“This deception is cheating on unsuspecting developers to install a compromised package, giving the attackers unauthorized access to Ethereum wallets.”
The package is aimed at orientation to Ethereum developers and organizations that work with Python Blockchain apps, particularly based on Python, such as ETH-Count.
In addition to the installation of the public -drone public key, which will be used to encrypt the stolen data and the Ethereum account under their control, the library is to create a wallet as “from_key ()” and “from_mnewmonic ()” for intercepted private keys because they generate.
In an interesting turn, private keys are operated as part of the Blockchain transaction via Polygon RPC final point “RPC-moy.Polygon.technology” to try to withstand traditional efforts to detect the HTTP suspicious requests.
“It guarantees that even if the user successfully creates the Ethereum account, their private key is stolen and transmitted by the attacker,” Socket said. “The malicious function works in the background, making the detection even more complicated.”
