PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot
November 25, 2024 at 10:00AM The Python Package Index (PyPI) has quarantined the malicious “aiocpa” package, which was updated to exfiltrate private keys via Telegram. Originally released in September 2024 and downloaded 12,100 times, the malicious code was hidden in an obfuscated script. This incident underscores the need for thorough source code scanning. **Meeting Takeaways: … Read more