Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Malicious PyPI Package Steals MEXC Tokens

April 16, 2025
Reading Time: 2 mins read
in Alerts
Hackers Use Node.js to Deliver Malware

A malicious package named ccxt-mexc-futures was uploaded to the PyPI repository, targeting users of the MEXC cryptocurrency exchange. The package claimed to extend the popular ccxt Python library, which facilitates cryptocurrency trading, but instead rerouted trading orders to a malicious server. This allowed attackers to steal tokens by modifying APIs associated with the MEXC interface. The package had been downloaded over 1,000 times before being removed from the repository.

The attackers exploited three MEXC-related functions in the original ccxt library, creating vulnerabilities that could execute arbitrary code on affected machines. By sending requests to a fraudulent domain, the attackers were able to intercept sensitive information, including API keys and secrets, which were then sent to their malicious server. The package also created entries in the MEXC API, directing all requests to the attacker-controlled domain, greentreeone.com.

This enabled them to hijack crypto tokens and sensitive data from unsuspecting users.

Security researchers have advised anyone who installed the package to revoke potentially compromised tokens and immediately remove it from their systems. This incident highlights the increasing risk of counterfeit packages in open-source repositories like PyPI and npm. Malicious actors are using these packages to infiltrate developer systems, execute reverse shells, and exfiltrate data, posing significant threats to software supply chains.

The attack is part of a broader trend of security risks in open-source ecosystems.

As software supply chain attacks grow more sophisticated, they increasingly involve tools like large language models (LLMs) that can hallucinate non-existent packages. Developers must remain vigilant to avoid introducing malicious dependencies into their codebase, as these threats continue to evolve and expand across various platforms.

Reference:

  • Malicious PyPI Package Hijacks MEXC Cryptocurrency Orders and Steals Tokens
Tags: April 2025Cyber AlertsCyber Alerts 2025CyberattackCybersecurity
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial