A dangerous malware campaign has surfaced targeting cryptocurrency users through a deceptive Python package hosted on the PyPI repository. The threat actors disguised their malicious code within a fake spell-checking tool, mimicking the legitimate pyspellchecker package that boasts over 18 million downloads. This supply chain attack represents an evolving threat landscape where attackers exploit trusted software repositories to distribute remote access trojans and credential harvesting tools to unsuspecting developers worldwide. The malicious package, designed to steal sensitive cryptocurrency information, employs sophisticated obfuscation techniques and multiple encryption layers to evade detection.…
Read MoreHackers Leverage Malicious PyPI Package to Attack Users and Steal Cryptocurrency Details
