Supply-chain threat intelligence

Incident detail

criticalpypi·credential theft·osv

Malicious code in defi-tools (PyPI)

defi-tools

Risk score

92

AI summary

Indexed incident for defi-tools (pypi).

Description

The package embeds an executable stealing cryptocurrency wallets data. During import, code saves the executable under a name suggesting system utility and configures cron to run it periodically. The exfiltrated data is encrypted using embedded RSA code before uploading to file-sharing services or IPFS.


Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-07-py-base58

Reasons (based on the campaign):

  • crypto-related

  • exfiltration-crypto

  • persistence

Technical details

Affected versions

=0.8.0

Indicators

  • affected version=0.8.075%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg

Related incidents