Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Source: The Hacker News | Author: The Hacker News | URL: https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html

ONE SENTENCE SUMMARY:

Malicious Python packages on PyPI were found stealing sensitive data and automating credit card fraud via fake modules.

MAIN POINTS:

  1. Researchers discovered three malicious Python packages on PyPI targeting sensitive data and credit card fraud.
  2. Packages bitcoinlibdbfix and bitcoinlib-dev pretended to fix issues in the legitimate bitcoinlib module.
  3. These two packages overwrote bitcoinlib's ‘clw cli’ command so that, when run, it exfiltrated database files.
  4. Authors of fake packages attempted to deceive users through GitHub issue discussions.
  5. A third package, disgrasya, openly contained a carding script targeting WooCommerce stores.
  6. Disgrasya validated stolen card data by mimicking legitimate shopping behavior.
  7. The malicious script exfiltrated card details to an external server named railgunmisaka[.]com.
  8. Disgrasya was downloaded over 34,000 times before being taken down.
  9. Carding involves testing stolen card data on e-commerce sites to find cards that still work without triggering fraud detection.
  10. Threat actors use stolen card data to buy and resell gift or prepaid cards for profit.
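Point 3 above describes a lookalike package taking over a command that a legitimate package already provides. One defender-side check for that pattern is to enumerate the console_script entry points of every installed distribution and flag any script name claimed by more than one distribution. The script below is an added example written for this summary, not code from The Hacker News or from the bitcoinlib project; the `SAMPLE` data is constructed here, using the package and command names the article mentions, purely to show what a collision looks like.

```python
"""Flag console_script entry points claimed by more than one installed distribution.

Added example (not from the article). A lookalike package that registers the
same command name as a legitimate package (e.g. bitcoinlib's `clw`) shows up
here as a conflict. A package that rewrites files on disk at install time is
not caught by this check and needs other controls.
"""
from collections import defaultdict
from importlib.metadata import distributions


def collect_console_scripts(pairs):
    """Build {script_name: sorted distribution names} from (dist, script) pairs."""
    owners = defaultdict(set)
    for dist_name, script in pairs:
        owners[script].add(dist_name)
    return {script: sorted(names) for script, names in owners.items()}


def find_conflicts(script_owners):
    """Keep only the scripts that two or more distributions try to provide."""
    return {script: names for script, names in script_owners.items() if len(names) > 1}


def installed_console_scripts():
    """Enumerate (distribution name, console_script name) for the live environment."""
    pairs = []
    for dist in distributions():
        dist_name = dist.metadata["Name"]
        for ep in dist.entry_points:
            if ep.group == "console_scripts":
                pairs.append((dist_name, ep.name))
    return pairs


# Constructed sample: the legitimate bitcoinlib CLI and a lookalike package
# (names taken from the article) both claiming the `clw` command.
SAMPLE = [
    ("bitcoinlib", "clw"),
    ("bitcoinlibdbfix", "clw"),
    ("pip", "pip"),
]


def report(conflicts):
    """Render conflicts as one line per contested command (returns the text)."""
    if not conflicts:
        return "no console_script collisions found"
    return "\n".join(
        f"WARNING: command '{script}' is provided by: {', '.join(names)}"
        for script, names in sorted(conflicts.items())
    )


if __name__ == "__main__":
    # Check the constructed sample first, then the real environment.
    print(report(find_conflicts(collect_console_scripts(SAMPLE))))
    print(report(find_conflicts(collect_console_scripts(installed_console_scripts()))))
```

Run it inside the virtual environment you want to audit; a warning line naming two distributions for one command is the signal to inspect which one was installed last and why.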

TAKEAWAYS:

  1. PyPI remains a target for supply chain attacks through malicious Python packages.
  2. Threat actors increasingly use automation to evade fraud detection systems.
  3. Disguising malware as legitimate libraries is a common tactic to deceive developers.
  4. Open-source platforms require stronger vetting and monitoring mechanisms.
  5. Users must be cautious when downloading and installing third-party packages.