Warning: New Malicious Python Package “Pytoileur” Targets Cryptocurrency – Avoid Downloading!

Cybersecurity researchers have discovered a malicious Python package, pytoileur, in the PyPI repository, designed to facilitate cryptocurrency theft. The package, downloaded 316 times, executes malicious code upon installation, retrieving a Windows binary to deploy spyware and steal data. This incident highlights the increasing risk of supply chain attacks targeting open-source ecosystems.

3P
Published: May 29, 2024 5:43 pmAdded: May 29, 2024 at 10:56 amAssembled by: The Editor
Pro Dashboard

Hot Take:

PyPI? More like Py-Piecing your data away! Looks like crypto thieves have found a new way to cash in on developers’ naivety. Time to update that Pipfile with some extra caution, folks!

Key Points:

  • New malicious Python package named “pytoileur” found in PyPI repository.
  • Downloaded 316 times before being yanked and reinstated with identical functionality.
  • Malicious code embedded in setup.py script executes Base64-encoded payload.
  • Binary “Runtime.exe” retrieved and run via PowerShell and VBScript commands.
  • Linked to prior malicious campaigns involving bogus Python packages like Pystob and Pywool.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?