all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

Add to bookmarks
March 12, 2024, noon | karlo.zanki@reversinglabs.com (Karlo Zanki)

ReversingLabs Blog blog.reversinglabs.com




ReversingLabs has identified a new, malicious campaign consisting of seven different open source packages with 19 different versions on the Python Package Index (PyPI), with the oldest package dating back to December, 2022. The campaign's goal: to steal mnemonic phrases used to recover lost or destroyed crypto wallets.  

This is just the latest software supply chain campaign to target crypto assets — a list that includes the compromise of Voice over IP (VoIP) vendor 3CX. It confirms that cryptocurrency continues …

back campaign crypto crypto wallet crypto wallets dating december goal lost malicious malicious pypi packages mnemonic open source open source packages package packages passwords pypi pypi packages python python package python package index recover recovery reversinglabs steal target threat research wallet wallets

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

Announcing the General Availability of TitaniumScale v5.0: Enhancing File Analysis for Advanced Threat Detection 1 day ago | blog.reversinglabs.com
advanced advanced threat advanced threat detection analysis +23
How NIST CSF 2.0 and C-SCRM help manage software supply chain risk 1 day, 20 hours ago | blog.reversinglabs.com
appsec & supply chain security businesses critical critical infrastructure +29
What’s hot at RSAC 2024: 7 must-see talks for security operations teams 3 days ago | blog.reversinglabs.com
conference filter flood francisco +21
NVD delays highlight vulnerability management woes: Put malware first 4 days ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16
CycloneDX upgraded for the evolving software supply chain security era 1 week, 1 day ago | blog.reversinglabs.com
ai development appsec & supply chain security bill bills +25
Where GenAI intersects with threat modeling: 3 key benefits for AppSec 1 week, 3 days ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +18
OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 1 week, 4 days ago | blog.reversinglabs.com
action ai security appsec & supply chain security artificial +15
XZ Trojan highlights software supply chain risk posed by 'sock puppets' 2 weeks, 2 days ago | blog.reversinglabs.com
appsec & supply chain security attacks compression compromise +28
The state of secrets security: 7 steps to better managing risk 2 weeks, 3 days ago | blog.reversinglabs.com
appsec & supply chain security complexity development epidemic +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Director, Cybersecurity - Governance, Risk and Compliance (GRC)

@ Stanley Black & Decker | New Britain CT USA - 1000 Stanley Dr
View on infosec-jobs.com

Information Security Risk Metrics Lead

@ Live Nation Entertainment | Work At Home-Connecticut
View on infosec-jobs.com

IT Product Owner - Enterprise DevSec Platform (d/f/m)

@ Airbus | Hamburg - Finkenwerder
View on infosec-jobs.com

Senior Information Security Specialist

@ Arthur Grand Technologies Inc | Arlington, VA, United States
View on infosec-jobs.com

Information Security Controls SME

@ Sword | Aberdeen, Scotland, United Kingdom
View on infosec-jobs.com
View more jobs