Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Malicious Python Package Targets Crypto

May 30, 2024
Reading Time: 3 mins read
in Alerts
Malicious Python Package Targets Crypto

Cybersecurity researchers have discovered a new malicious Python package in the Python Package Index (PyPI) repository, named pytoileur, which is being used to facilitate cryptocurrency theft. This package, authored by a user named PhilipsPY, has been downloaded 316 times and was re-uploaded with identical functionality after a previous version was removed by PyPI maintainers on May 28, 2024. The package’s setup.py script contains malicious code that executes a Base64-encoded payload to retrieve a Windows binary from an external server, which then installs additional spyware and stealer malware to gather data from web browsers and cryptocurrency services.

The campaign’s propagation was aided by a newly created Stack Overflow account named “EstAYA G,” which directed users to install the pytoileur package under the guise of providing solutions to their technical queries. Security researcher Ax Sharma noted that the recent age and singular focus of the Stack Overflow account on promoting the malicious package strongly suggest that it is linked to the threat actor behind the pytoileur campaign. The misuse of Stack Overflow, a reputable platform, to spread malware is a significant concern, particularly for novice developers who may fall victim to such deceptive advice.

Stack Overflow has responded to the incident by suspending the malicious account and removing the content that violated its network policies. This incident underscores the growing threat of supply chain attacks in open-source ecosystems, where malicious actors target multiple users by compromising widely-used software packages. Sonatype, the company that analyzed the malicious package, highlighted the unprecedented nature of this open abuse and its implications for the global developer community.

The pytoileur incident also shares similarities with previous malicious campaigns involving bogus Python packages like Pystob and Pywool, as reported by Checkmarx in November 2023. These findings highlight the persistent risk posed by threat actors exploiting open-source repositories to distribute malware, emphasizing the need for developers to remain vigilant and for platforms to enhance their security measures to protect users from such attacks.

Reference:
  • New Python Package Discovered Stealing Cryptocurrency

Tags: Cyber AlertCyber Alerts 2024Cyber RiskCyber threatMay 2024PhilipsPYPyPIPython packagepytoileur
ADVERTISEMENT

Related Posts

HTTPBot DDoS Threat To Windows Systems

Horabot Malware Targets LatAm Via Phishing

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

Google Patches Chrome Account Takeover Bug

May 15, 2025
HTTPBot DDoS Threat To Windows Systems

HTTPBot DDoS Threat To Windows Systems

May 15, 2025
Microsoft Defender Bug Allows SYSTEM Access

Uncanny Automator Bug Risks WordPress Sites

May 14, 2025
Microsoft Defender Bug Allows SYSTEM Access

Devs Hit By PyPI Solana Token Secret Theft

May 14, 2025
Microsoft Defender Bug Allows SYSTEM Access

Microsoft Defender Bug Allows SYSTEM Access

May 14, 2025

Latest Alerts

Google Patches Chrome Account Takeover Bug

Horabot Malware Targets LatAm Via Phishing

HTTPBot DDoS Threat To Windows Systems

Microsoft Defender Bug Allows SYSTEM Access

Uncanny Automator Bug Risks WordPress Sites

Devs Hit By PyPI Solana Token Secret Theft

Subscribe to our newsletter

    Latest Incidents

    Dior Breach Exposes Asian Customer Data

    Australian Human Rights Body Files Leaked

    Nucor Cyberattack Halts Plants Networks

    Alabama Cybersecurity Event Hits Services

    Andy Frain Data Breach Impacts 100k People

    Hong Kong DSC Hit By Ransomware Attack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial