{
  "name": "Python Crypto Library Updated to Steal Private Keys",
  "slug": "python-crypto-library-updated-to-steal-private-keys",
  "description": "Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library.",
  "published": "2024-11-26T19:53:45+00:00",
  "created_at": "2024-11-26T19:53:45+00:00",
  "modified_at": "2024-11-26T20:35:22+00:00",
  "created_at_opencti": "2024-11-26T19:53:45+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-26",
    "aiocpa",
    "crypto",
    "pypi",
    "telegram"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "c43148103e24a16d59896d6db395ed66a2cd5772ff308dfea10aa36b7f433589"
      },
      {
        "id": "",
        "name": "556bfea997880f1365d3822d26ea57e2cfaecb231128ea1e7e50ad1f778147bb"
      },
      {
        "id": "",
        "name": "6f435a3f209c09d8f7cf180f759a5faa2ff215edc1afce2cd62078574bb70c69"
      },
      {
        "id": "",
        "name": "ad9f5183aa8d792ed1bc991ab3ac9b0cd4160fd9276071a7e63e7d7b4e3481b8"
      }
    ],
    "attack_patterns": [
      {
        "id": "7671fe3e-6a85-463e-928d-16117d2f4f9b",
        "name": "T1059.006"
      },
      {
        "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2",
        "name": "T1567"
      },
      {
        "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d",
        "name": "T1102"
      },
      {
        "id": "358e04b8-6f65-48b2-a24b-f101bfc6671a",
        "name": "T1195"
      }
    ]
  },
  "external_refs": [
    "https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/",
    "https://otx.alienvault.com/pulse/6746355aea9742cbe45cf36e"
  ]
}