Python Crypto Library Updated to Steal Private Keys [phylum.io]:
Yesterday, Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean of the malicious code to evade detection.
[...] Interesting! The attacker overwrites the __init__ method of the CryptoPay class. Actually, it's acting more like a wrapper around the originality functionality of the method. They're saving the original method via init = CryptoPay.__init__ and then calling it as per usual with init(*args, **kwargs) and then sending a Telegram message to, presumably, the attacker's Telegram bot call with args[1:] as the message.
[...] Just to recap, we're seeing a crypto library that dynamically alters the class's constructor upon module import to exfiltrate the victim's private keys when calling the class's constructor!
Another interesting aspect we discovered in our investigation is that its PyPI homepage points to a GitHub repo [github.com].
However, if you look at the same file in the GitHub repo, you'll notice that the obfuscated payload is missing! This means the attacker updated a local copy of the repo with the malicious payload and then published that package to PyPI, leaving the GitHub repo with the same version numbers malware-free — a clear attempt at evasion.
This library's popularity - with 17 GitHub stars and (according to pypistats.org before the package was removed) nearly 4K downloads in the last month–makes this incident particularly concerning. The attack highlights two critical security lessons: First, it demonstrates the importance of scanning the actual code sent to open source ecosystems, that is the code that actually runs when you pip install or node -i a package, rather than just reviewing source repositories alone. As evidenced here, attackers can deliberately maintain clean source repos while distributing malicious packages to the ecosystems. Second, it serves as a reminder that a package's previous safety record doesn't guarantee its continued security.