{
  "name": "Malicious PyPI crypto pay package aiocpa implants infostealer code",
  "slug": "malicious-pypi-crypto-pay-package-aiocpa-implants-infostealer-code",
  "description": "ReversingLabs detected a malicious package named 'aiocpa' on PyPI, engineered to compromise cryptocurrency wallets. Unlike in typical attacks, the actors published their own crypto client tool to attract users and then compromised those users through a malicious update. The package appeared legitimate, with multiple versions and good documentation. Machine learning-based threat hunting revealed suspicious obfuscated code in versions 0.1.13 and 0.1.14 that was designed to exfiltrate sensitive crypto trading information. The incident highlights the growing sophistication of open-source software threats and the need for advanced security tools in development processes.",
  "published": "2024-11-29T09:48:19+00:00",
  "created_at": "2024-11-29T09:48:19+00:00",
  "modified_at": "2024-11-29T10:03:58+00:00",
  "created_at_opencti": "2024-11-29T09:48:19+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-29",
    "cryptocurrency",
    "infostealer",
    "machine learning",
    "obfuscation",
    "pypi",
    "software supply chain",
    "threat hunting"
  ],
  "related_entities": {
    "attack_patterns": [
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "ed82bdd1-d346-48d1-98de-36a9a0a96489",
        "name": "T1040"
      },
      {
        "id": "81ee4813-4f68-4984-bec1-980d7c5b56eb",
        "name": "T1132"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.reversinglabs.com/blog/malicious-pypi-crypto-pay-package-aiocpa-implants-infostealer-code",
    "https://otx.alienvault.com/pulse/67499bf32e7fdd057b437f7b"
  ]
}