Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

01-August-24

Threat actors have abused the Q&A platform Stack Exchange to direct developers to malicious Python packages that drain cryptocurrency wallets and exfiltrate data. Checkmarx researchers revealed that since June 25, 2024, packages targeting Raydium and Solana users were downloaded 2,082 times before being removed from PyPI. These packages stole browser passwords, cookies, credit card details, cryptocurrency wallets, and messaging app information, and granted persistent remote access to victims’ systems. The attackers posted seemingly helpful answers on Stack Exchange and Medium to maximize reach and credibility. This incident highlights the risks of supply chain attacks facilitated by community-driven platforms and underscores the need for stringent security strategies.
