Despite the vigilance and quick action of Checkmarx and the Python Package Index to address the issue, the malware returned in early October and has reportedly been downloaded more than 3,700 ...

Unfortunately, a single malicious package can be baked into multiple different projects – infecting them with cryptominers, info-stealers and more, and making remediation a complex process.

Attackers uploaded fake Python packages to PyPI that posed as Bitcoinlib tools and targeted wallet data. The malware infected crypto development environments, stole private keys and seed phrases ...

Magazine: 2 auditors miss $27M Penpie flaw, Pythia’s ‘claim rewards’ bug: Crypto-Sec Crypto-stealing malware discovered in Python Package Index — Checkmarx© Cointelegraph ...