Source: The Hacker News Author: info@thehackernews.com (The Hacker News) URL: https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html

ONE SENTENCE SUMMARY: Malicious Python packages on PyPI were found stealing sensitive data and automating credit card fraud via fake modules.

MAIN POINTS:

- Researchers discovered three malicious Python packages on PyPI targeting sensitive data and enabling credit card fraud.
- The packages bitcoinlibdbfix and bitcoinlib-dev claimed to fix issues in the legitimate bitcoinlib module.
- These two packages overwrote the legitimate ‘clw cli’ command to exfiltrate database files.
- The authors of the fake packages tried to lure users through GitHub issue discussions.
- A third package, disgrasya, openly contained a carding script targeting WooCommerce stores.
- Disgrasya validated stolen card data by mimicking legitimate shopping behavior.
- The malicious script exfiltrated card details to an external server, railgunmisaka[.]com.
- Disgrasya was downloaded over 34,000 times before it was taken down.
- Carding involves testing stolen cards on e-commerce sites in ways that avoid fraud detection.
- Threat actors use stolen card data to buy and resell gift or prepaid cards for profit.
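The clw hijack above is a case of one distribution re-registering a console script owned by another. As an added defensive example (not code from the article or from the researchers), the script below lists console_scripts entry points from the installed distributions and flags any script name claimed by more than one distribution; the sample records, including the bitcoinlibdbfix target path, are constructed for illustration.

```python
"""Audit console-script entry points for names claimed by more than one package.

The look-alike packages above hijacked bitcoinlib's 'clw' command; a script name
registered by two different distributions is the kind of collision to review.
"""
from collections import defaultdict
from importlib.metadata import distributions
from typing import Dict, Iterable, List, Tuple

# (distribution name, entry point group, script name, target "module:function")
EntryRecord = Tuple[str, str, str, str]


def find_script_collisions(records: Iterable[EntryRecord]) -> Dict[str, List[Tuple[str, str]]]:
    """Map each console_scripts name claimed by 2+ distributions to its (dist, target) owners."""
    owners: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for dist, group, name, target in records:
        if group == "console_scripts":
            owners[name].append((dist, target))
    # One distribution listing the same name twice is not a hijack, so count distinct dists.
    return {name: sorted(o) for name, o in owners.items() if len({d for d, _ in o}) > 1}


def installed_entry_records() -> List[EntryRecord]:
    """Collect entry points from every distribution installed in this interpreter."""
    out: List[EntryRecord] = []
    for dist in distributions():
        dist_name = dist.metadata.get("Name") or "<unknown>"
        for ep in dist.entry_points:
            out.append((dist_name, ep.group, ep.name, ep.value))
    return out


# Constructed sample modelled on the incident; the bitcoinlibdbfix target path is hypothetical.
SAMPLE_RECORDS: List[EntryRecord] = [
    ("bitcoinlib", "console_scripts", "clw", "bitcoinlib.tools.clw:main"),
    ("bitcoinlibdbfix", "console_scripts", "clw", "bitcoinlibdbfix.patch:main"),
    ("pip", "console_scripts", "pip", "pip._internal.cli.main:main"),
    ("pip", "console_scripts", "pip3", "pip._internal.cli.main:main"),
]

if __name__ == "__main__":
    # Run against the constructed sample first, then against the live environment.
    for label, records in (("sample", SAMPLE_RECORDS), ("installed", installed_entry_records())):
        collisions = find_script_collisions(records)
        print(f"[{label}] {len(collisions)} colliding script name(s)")
        for name, owners in collisions.items():
            print(f"  {name}: " + ", ".join(f"{d} -> {t}" for d, t in owners))
```

A collision is a signal to inspect, not proof of compromise: compare the two targets against the upstream project's declared entry points before trusting either.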

TAKEAWAYS:

- PyPI remains a target for supply chain attacks through malicious Python packages.
- Threat actors increasingly use automation to evade fraud detection systems.
- Disguising malware as legitimate libraries is a common tactic for deceiving developers.
- Open-source platforms require stronger vetting and monitoring mechanisms.
- Users must be cautious when downloading and installing third-party packages.