
"The package creates entries in the API for MEXC integration, allowing malicious redirection and theft of trading orders through compromised API endpoints."
"Researchers discovered that the ccxt-mexc-futures package overrides MEXC-related functions, leading developers to unknowingly execute malicious actions during cryptocurrency trading."
Cybersecurity researchers identified a malicious package on PyPI named ccxt-mexc-futures, masquerading as an extension for the ccxt library used in cryptocurrency trading. The package was designed to reroute orders from the MEXC exchange to a server controlled by attackers. Although removed from PyPI, it had over 1,000 downloads. The package manipulates several key API functions to execute trades stealthily, redirecting communication to a rogue domain, enabling unauthorized retrieval of sensitive user data.
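A defender can check for both signs described above: the package being installed, and exchange API endpoints pointing at an unexpected host. The following is an added example, not code from the article or from ccxt; the `mexc.com` allowlist, the function names and the sample URL map are assumptions made for illustration.

```python
import re
from importlib import metadata
from urllib.parse import urlparse

DENYLIST = {"ccxt-mexc-futures"}      # package name reported on this page
ALLOWED_SUFFIXES = ("mexc.com",)      # assumption: confirm against the exchange's API docs

def normalize(name):
    """PEP 503 normalization, so 'CCXT_MEXC.futures' matches 'ccxt-mexc-futures'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_denylisted(installed_names, denylist=DENYLIST):
    deny = {normalize(n) for n in denylist}
    return sorted({normalize(n) for n in installed_names} & deny)

def installed_distributions():
    """Names of every distribution visible to this interpreter."""
    return [d.metadata["Name"] for d in metadata.distributions() if d.metadata["Name"]]

def iter_urls(node):
    """Walk a nested dict/list of endpoint strings (the shape of an exchange's URL map)."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_urls(value)
    elif isinstance(node, (list, tuple)):
        for value in node:
            yield from iter_urls(value)

def host_allowed(host, suffixes=ALLOWED_SUFFIXES):
    # Match on a label boundary so 'mexc.com.example.net' does not pass as 'mexc.com'.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def unexpected_endpoints(url_map, suffixes=ALLOWED_SUFFIXES):
    """Return every endpoint whose host falls outside the allowlist."""
    return sorted(u for u in iter_urls(url_map)
                  if not host_allowed(urlparse(u).hostname, suffixes))

# Constructed sample: one expected endpoint and one lookalike on a placeholder domain.
SAMPLE_URLS = {
    "spot": {"public": "https://api.mexc.com/api/v3"},
    "contract": {"private": "https://contract.mexc.com.example.net/api/v1"},
}

if __name__ == "__main__":
    print("denylisted packages:", find_denylisted(installed_distributions()))
    print("unexpected endpoints:", unexpected_endpoints(SAMPLE_URLS))
```

In a real audit, pass the API portion of the URL map from the exchange object your code actually instantiates, after all imports have run, since an override takes effect at import time.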
Read at The Hacker News