Loading...
Market
Removal of 'aiocpa' Python Package from PyPI by End of 2024?
2
Resolution / Starting Odds
Yes • 50%
No • 50%
PyPI official website or announcements
Story
Malicious 'aiocpa' Python Library Trojan Horse Exfiltrates Private Keys to Telegram Bot, 12,100 Downloads
Nov 25, 2024, 01:57 PM
A malicious update in the Python package 'aiocpa', hosted on the Python Package Index (PyPI), has been identified as a Trojan horse that targets private keys. This update was linked to the developers of the Crypto Pay API client and has reportedly been downloaded 12,100 times. The malicious code exfiltrates sensitive data to a Telegram bot, raising significant concerns in the cybersecurity community. Experts are warning users who have downloaded the package to take immediate action to secure their wallets and private keys, as the update poses a serious risk to cryptocurrency security.
View original story
Similar markets
AI/ML library • 25%
Web development library • 25%
Data analysis library • 25%
Other category of library • 25%
Malicious code injection • 25%
Credential theft • 25%
Dependency confusion • 25%
Other methods • 25%
Positive impact on AI model integrity • 25%
Negative impact due to loss of data • 25%
No significant impact • 25%
Other • 25%
Increased security audits • 25%
Adoption of alternative libraries • 25%
Formation of a security consortium • 25%
No major response • 25%
