#CheckmarxResearch

PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data

by

October 2, 2024 at 02:31AM Malicious packages posing as cryptocurrency wallet recovery services were found in the Python Package Index. They targeted users of prominent wallet services, offering utility functions while secretly stealing sensitive wallet data. The attack exploited open-source trust and dynamic malicious capabilities, highlighting the need for comprehensive security measures in the cryptocurrency … Read more

Hackers poison source code from largest Discord bot platform

by

March 25, 2024 at 02:13PM The Top.gg Discord bot community, with over 170,000 members, has been targeted by a supply-chain attack aiming to deliver malware for data theft and monetization. The attacker used various tactics, including hijacking GitHub accounts and distributing malicious Python packages. This campaign compromised user data from various platforms, highlighting the risks … Read more

Hackers poison source code for largest Discord bot platform

by

March 25, 2024 at 02:06PM A supply-chain attack has targeted the Top.gg Discord bot community of over 170,000 members, aiming to distribute malware for data theft and monetization. An attacker used various tactics, including hijacking accounts and creating fake Python packages, leading to compromised systems and data theft. This underscores the risks in the open-source … Read more