Malicious PyPI Packages Target Bitcoin Users and Payment Systems with Data-Stealing Code
Security researchers discovered three malicious Python packages on PyPI that were downloaded over 39,000 times, designed to steal sensitive data and validate stolen credit cards. The packages masqueraded as Bitcoin library fixes while containing code to steal database files and test stolen payment information.
DeepSeek AI Phishing Campaign Targets Crypto Wallets and User Data
Multiple fraudulent websites impersonating DeepSeek have emerged following the Chinese AI company's recent model release, putting users' sensitive data and cryptocurrency at risk. Security researchers identified at least 16 active phishing sites using sophisticated evasion tactics and malicious packages to steal credentials and distribute malware.
Malicious PyPI Packages Found Stealing User Data and Hijacking Social Media Accounts
Security researchers discovered two dangerous packages on PyPI repository that accumulated 300 downloads before removal. The malware captured keystrokes, screenshots, and sensitive data from major social platforms while employing sophisticated concealment techniques to avoid detection.
Critical Security Breach: Popular Python AI Library Compromised with Crypto Mining Malware
The Ultralytics AI library was discovered distributing malicious cryptocurrency mining code through compromised versions on PyPI. The attack, which exploited GitHub Actions workflows, potentially impacted thousands of AI developers worldwide and highlights growing concerns around supply chain security.