12 matches found
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a...
Malicious Package
Overview: bitcoinlib-dev is a malicious package. This package installs a module that steals sensitive data from its target by overwriting legitimate CLI commands with malicious ones. Remediation: Avoid using all malicious instances of the bitcoinlib-dev package. References: - Malicious Package...
Malicious code in bitcoinlibdbfix (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a5cb52fa4f2ac6a68416c59a513399e01bb388d5e238260b712a513db3d97233 It overwrites the 'clw' command from legit bitcoinlib package and attempts to exfiltrate its database on the usage. As a context, it appears to be created to...
MAL-2025-3436 Malicious code in bitcoinlib-dev (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 a198ee5e2df9c67dcbd24ed19a8fec5d462bbb3c0eb474cf00cd299e75074ef5 It overwrites the 'clw' command from legit bitcoinlib package and attempts to exfiltrate its database on the usage. As a context, it appears to be created to...
Malicious code in BіtcoinLіb (NuGet)
--- -= Per source details. Do not edit below this line.=-...
bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)
fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:GHSA-PH86-G9R3-5QW4...
bakers-registry (>=0.1.1 <=0.1.7), bitcoinlib (>=0.5.1 <=0.6.3) +12 more potentially affected by CVE-2024-21502 via fastecdsa (>=1.6.4 <=2.3.0)
fastecdsa PYPI version =1.6.4, =0.1.1, =0.5.1, =0.1.0, =0.7.3, =0.1.1, =0.1.0, =2.0.0, =0.1.0a28, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: OSV:PYSEC-2024-39...
bitcoinlib (>=0.5.1 <=0.6.3), empiric-network (>=0.7.3 <=1.3.1) +6 more potentially affected by CVE-2024-21502 via fastecdsa (>=2.0.0 <=2.3.0)
fastecdsa PYPI version =2.0.0, =0.5.1, =0.7.3, =3.3.0, =1.0.1, =1.0.0, =0.1.0, =0.4.3 - xchainpy-bitcoin =0.1.2 Source cves: CVE-2024-21502 Source advisory: SNYK:PYTHON-FASTECDSA-6262045...
MAL-2023-1667 Malicious code in bitocinlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 033014df8cf641d2f12d845249b50997a474231d9997af8aab9bea278665ccaa Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
Malicious code in bitcionlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 4da0fa1d0611659a48bd40ca29cab25429d6128113ede37bc01bf2189f97d4e8 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
Malicious code in biitcoinlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 54b1682f9a754eeee9171ba0e0e0406e9afa5cd22e19426ff7525ce5c77e311c Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...
MAL-2023-1669 Malicious code in bittcoinlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx f261ec430ad01ca1be8278a44159d5ec18881fdc7887965f80f8acd5773e70a1 Attacker distributed 900+ malicious packages via PyPI, infecting local browsers with a malicious extension to manipulate the clipboard and replace crypto wallet...