Loading...
Loading...
Browse all stories on DeepNewz
VisitMalicious 'aiocpa' Python Library Trojan Horse Exfiltrates Private Keys to Telegram Bot, 12,100 Downloads
Nov 25, 2024, 01:57 PM
A malicious update in the Python package 'aiocpa', hosted on the Python Package Index (PyPI), has been identified as a Trojan horse that targets private keys. This update was linked to the developers of the Crypto Pay API client and has reportedly been downloaded 12,100 times. The malicious code exfiltrates sensitive data to a Telegram bot, raising significant concerns in the cybersecurity community. Experts are warning users who have downloaded the package to take immediate action to secure their wallets and private keys, as the update poses a serious risk to cryptocurrency security.
View original story
Markets
Yes • 50%
No • 50%
Reports published by major cybersecurity firms
No • 50%
Yes • 50%
Official statement from the developers or news outlets
Yes • 50%
No • 50%
PyPI official website or announcements
More than 75% • 25%
51% to 75% • 25%
Less than 25% • 25%
25% to 50% • 25%
Surveys or reports from cybersecurity firms
PyPI • 25%
Other • 25%
Crypto Pay API Developers • 25%
Telegram • 25%
Cybersecurity reports and news articles
Other Measures • 25%
Removal of 'aiocpa' • 25%
Security Policy Update • 25%
No Action Taken • 25%
Official announcements from PyPI