

Crypto client or cyber trap? [Research Saturday]
Jan 4, 2025
Karlo Zanki, a Reverse Engineer at ReversingLabs, specializes in the identification and analysis of malware. He discusses the discovery of a malicious PyPI package named aiocpa that masqueraded as a legitimate crypto client in order to steal cryptocurrency wallet information. Zanki emphasizes the shift from basic attacks such as typosquatting to more patient tactics that abuse the trust developers place in open-source packages. The conversation highlights the need for better tooling across the software supply chain and the steps package repositories and maintainers can take to defend against these threats.
Malicious Crypto Package
- ReversingLabs detected a malicious PyPI package, aiocpa, designed to steal cryptocurrency wallet information.
- Unlike typical typosquatting, attackers built a seemingly legitimate tool first to gain trust, then introduced malicious updates.
Attempted Package Takeover
- The aiocpa developer tried to take over another existing PyPI package named "Pay" shortly after publishing their own.
- This suggests they aimed for a more common and trustworthy package name to attract more users.
Discrepancy Between PyPI and GitHub
- Malicious code can be injected into the artifact uploaded to PyPI without any change to the GitHub repository, so reviewing the repository alone does not prove the published package is clean.
- Developers often publish manually from their own machines rather than through an automated pipeline that builds and uploads from a tagged commit, which leaves room for the uploaded package to be modified during the publishing process.
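The practical check implied by the last two points is to compare what was actually uploaded to PyPI with the source the package claims to come from. The following is an added example written for this page, not ReversingLabs' tooling or anything from the aiocpa project: it hashes every file in a repository checkout and in an sdist tarball, then reports files that only exist in the artifact, only exist in the repository, or differ. The package name `examplepay`, the file contents and the added `_sync.py` module are all constructed here; a real run would substitute a `git checkout` of the release tag for `REPO_FILES` and the sdist downloaded from PyPI for `build_sdist(...)`.

```python
"""Diff a published sdist against the repository it claims to come from.

Added example (not code from ReversingLabs or the aiocpa project). The
repository tree and the sdist below are constructed in-memory so the
script runs offline; swap them for a real checkout and a real download.
"""
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def tree_digests(root: Path) -> dict[str, str]:
    """Map relative path -> SHA-256 for every regular file under root (skips .git)."""
    return {
        p.relative_to(root).as_posix(): _sha256(p.read_bytes())
        for p in sorted(root.rglob("*"))
        if p.is_file() and ".git" not in p.parts
    }


def sdist_digests(sdist: bytes) -> dict[str, str]:
    """Same mapping for the members of an sdist tarball, top-level dir stripped."""
    out: dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(sdist), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[1] if "/" in member.name else member.name
            out[rel] = _sha256(tf.extractfile(member).read())
    return out


def compare(repo: dict[str, str], artifact: dict[str, str]) -> dict[str, list[str]]:
    """Classify paths by where they appear and whether their content matches."""
    both = set(repo) & set(artifact)
    return {
        "only_in_artifact": sorted(set(artifact) - set(repo)),
        "only_in_repo": sorted(set(repo) - set(artifact)),
        "modified": sorted(p for p in both if repo[p] != artifact[p]),
    }


# Constructed "GitHub checkout" of a fictional package.
REPO_FILES = {
    "pyproject.toml": b'[project]\nname = "examplepay"\nversion = "1.0.0"\n',
    "examplepay/__init__.py": b"from .client import Client\n",
    "examplepay/client.py": b"class Client:\n    def pay(self, amount):\n        return amount\n",
}

# Constructed sdist content: __init__.py altered, one module added that the
# repository never contained, plus the PKG-INFO metadata a real sdist carries.
ARTIFACT_FILES = {
    "pyproject.toml": REPO_FILES["pyproject.toml"],
    "PKG-INFO": b"Metadata-Version: 2.1\nName: examplepay\nVersion: 1.0.0\n",
    "examplepay/__init__.py": b"from .client import Client\nfrom . import _sync\n",
    "examplepay/client.py": REPO_FILES["examplepay/client.py"],
    "examplepay/_sync.py": b"# hypothetical code present only in the published artifact\n",
}


def build_sdist(files: dict[str, bytes], top: str = "examplepay-1.0.0") -> bytes:
    """Pack a dict of files into a gzip tarball shaped like a PyPI sdist."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(f"{top}/{name}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def write_tree(files: dict[str, bytes], root: Path) -> None:
    for name, data in files.items():
        path = root / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Run the comparison on the constructed repo and sdist."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_tree(REPO_FILES, root)
        repo = tree_digests(root)
    artifact = sdist_digests(build_sdist(ARTIFACT_FILES))
    return compare(repo, artifact)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Files such as `PKG-INFO` are generated by the build backend and are expected to appear only in the artifact; a new Python module, or a source file whose hash differs from the tagged commit, is what deserves a manual read before the package is trusted.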