Researchers from Checkmarx uncovered malware on the Python Package Index (PyPI) that steals sensitive crypto wallet data, such as private keys and mnemonic phrases. Disguised as legitimate wallet tools, the malware has been downloaded over 3,700 times, affecting wallets like MetaMask and TronLink. Despite efforts to remove the threat earlier this year, the malicious code resurfaced in October.
| Discovery | Checkmarx cybersecurity firm identifies malware in Python Package Index (PyPI). |
| Target | Malware steals private keys, mnemonic phrases, and sensitive data from crypto wallets like MetaMask and TronLink. |
| Method | Hidden within software packages mimicking legitimate wallet tools. |
| Impact | Over 3,700 downloads reported before detection. |
| Response | PyPI previously suspended new projects in March 2024; malware resurfaced in October despite earlier actions. |