Hackread reports that several Python Package Index (PyPI) packages impersonating tools for the Atomic, Exodus, Metamask, Ronin, TronLink, and Trust Wallet cryptocurrency wallets targeted private keys and other sensitive data for exfiltration as part of new supply chain intrusions.
The packages used in the attacks established their apparent legitimacy with fraudulent statistics and distributed their malicious code across several dependencies to better evade detection, according to a report from Checkmarx. Additional analysis revealed that six of the discovered packages used the "cipherbcryptors" dependency, which had heavily concealed code. Researchers also reported that the compromise of targeted cryptocurrency wallets, and the exfiltration of their private keys and recovery phrases, was triggered only when particular features of the packages were used. The findings should prompt increased vigilance against such intrusions among software developers and cryptocurrency wallet users, as well as more extensive cybersecurity training programs for employees.
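Because the malicious code sat in a dependency rather than in the top-level package, a useful check is to walk the declared dependency graph and flag any package that reaches a denylisted name transitively. The following is an added example, not code from Hackread or Checkmarx: only the name "cipherbcryptors" comes from the report, while the other package names and the metadata are constructed for illustration.

```python
import re
from collections import deque

# Dependency name taken from the report; everything else below is constructed.
DENYLIST = {"cipherbcryptors"}

# Constructed sample: package -> Requires-Dist strings as found in wheel METADATA.
SAMPLE_METADATA = {
    "example-wallet-helper": ["example-crypto-utils (>=1.0)", "requests>=2.0"],
    "example-crypto-utils": ["CipherBcryptors==1.0.0 ; python_version >= '3.8'"],
    "cipherbcryptors": [],
    "requests": ["urllib3<3,>=1.21.1", "idna"],
    "urllib3": [],
    "idna": [],
}

def normalize(name):
    """PEP 503 name normalization, so 'CipherBcryptors' matches the denylist."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req):
    """Extract the project name from a PEP 508 requirement string."""
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(match.group(1)) if match else None

def build_graph(metadata):
    """Map each normalized package name to the set of names it requires."""
    return {normalize(p): {requirement_name(r) for r in reqs} - {None}
            for p, reqs in metadata.items()}

def find_paths_to_denylisted(graph, roots, denylist=DENYLIST):
    """Breadth-first search from each root; return the shortest chain to a denylisted name."""
    deny = {normalize(d) for d in denylist}
    findings = {}
    for root in map(normalize, roots):
        queue, seen = deque([[root]]), {root}
        while queue:
            path = queue.popleft()
            if path[-1] in deny:
                findings[root] = path
                break
            for dep in sorted(graph.get(path[-1], ())):
                if dep not in seen:
                    seen.add(dep)
                    queue.append(path + [dep])
    return findings

if __name__ == "__main__":
    hits = find_paths_to_denylisted(build_graph(SAMPLE_METADATA), ["example-wallet-helper", "requests"])
    print({root: " -> ".join(path) for root, path in hits.items()})
```

In a real environment the metadata dictionary can be filled from `importlib.metadata.distributions()`, using each distribution's `requires` list.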