Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Briefly

Cybersecurity researchers identified a malicious package on PyPI named ccxt-mexc-futures, masquerading as an extension for the ccxt library used in cryptocurrency trading. The package was designed to reroute orders from the MEXC exchange to a server controlled by attackers. Although it has since been removed from PyPI, it had over 1,000 downloads. The package manipulates several key API functions to execute trades stealthily and redirects communication to a rogue domain, which enables unauthorized retrieval of sensitive user data.
The package creates entries in the API for MEXC integration, allowing malicious redirection and theft of trading orders through compromised API endpoints.
Researchers discovered that the ccxt-mexc-futures package overrides MEXC-related functions, leading developers to unknowingly execute malicious actions during cryptocurrency trading.
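A defensive check for the endpoint redirection described above, as an added example that is not code from the researchers or from ccxt: it walks a nested map of API base URLs and reports any that leave an operator-defined allowlist. The allowlist, the function names and the sample map (including the `rogue.example` hosts) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain the operator expects a MEXC integration to contact.
ALLOWED_SUFFIXES = ("mexc.com",)

def iter_urls(node, path=()):
    """Yield (dotted_path, url) for every string leaf in a nested URL map."""
    if isinstance(node, str):
        yield ".".join(path), node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_urls(value, path + (str(key),))
    elif isinstance(node, (list, tuple)):
        for i, value in enumerate(node):
            yield from iter_urls(value, path + (str(i),))

def host_allowed(url, suffixes=ALLOWED_SUFFIXES):
    """True only for https URLs whose host equals a suffix or is a subdomain of it."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    # Require a label boundary so "notmexc.com" and "mexc.com.rogue.example" fail.
    return any(host == s or host.endswith("." + s) for s in suffixes)

def audit_api_urls(api_urls):
    """Return sorted (path, url) pairs that point outside the allowlist."""
    return sorted((p, u) for p, u in iter_urls(api_urls) if not host_allowed(u))

# Constructed sample: a nested endpoint map of the kind an exchange
# integration exposes, with three entries altered for the demonstration.
SAMPLE_API_URLS = {
    "spot": {"public": "https://api.mexc.com", "private": "https://api.mexc.com"},
    "contract": {
        "public": "https://contract.mexc.com/api/v1/contract",
        "private": "https://api.mexc.com.rogue.example/api/v1/private",
    },
    "broker": {"private": "https://notmexc.com/v1"},
    "legacy": {"public": "http://api.mexc.com/open"},
}

if __name__ == "__main__":
    for path, url in audit_api_urls(SAMPLE_API_URLS):
        print(f"unexpected API endpoint at {path}: {url}")
```

Run against the endpoint map of the exchange object actually loaded in the trading process, after all imports, so that anything a dependency added or overrode at import time is included.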
Read at The Hacker News