V-Help
← All news
Security

Malicious SDKs for Paysafe and Skrill on NPM and PyPI Steal Developer Data

Malicious SDKs for Paysafe and Skrill on NPM and PyPI Steal Developer Data

Photo: BleepingComputer

Quick answer

Threat actors distributed counterfeit SDKs for Paysafe and Skrill through NPM and PyPI repositories, embedding spyware to steal developer credentials.

Cybercriminals have targeted developers by distributing malicious packages through popular NPM and PyPI repositories. These packages masqueraded as official SDKs for Paysafe, Skrill, and Neteller but contained spyware instead.

The primary goal of the attack was to steal credentials from developers working with financial APIs. Once the fake libraries were installed, threat actors gained access to sensitive information, potentially leading to unauthorized transactions and data leaks.

Cybersecurity experts warn that such attacks are becoming increasingly common, particularly targeting financial services. Developers are advised to verify package authenticity, use digital signatures, and avoid installing libraries from untrusted sources.

To mitigate these risks, implementing static code analysis tools and dependency monitoring is highly recommended. These tools help identify suspicious packages early and prevent potential data breaches.

Common questions

Which repositories were used to distribute the malicious packages?
Attackers deployed fake packages on NPM (for Node.js) and PyPI (for Python), platforms commonly used by developers to install libraries and SDKs.
Which payment systems were affected by the attack?
The attack targeted developers and users of Paysafe, Skrill, and Neteller. The malicious packages masqueraded as official SDKs for these services.
How can users protect themselves from such threats?
Always verify package authenticity before installation, use only official sources, and employ security analysis tools like vulnerability scanners to detect suspicious code.
Share:

Dzen feed: /feed/dzen.xml · RSS: /feed.xml

Why trust this

Prepared by the V-Help editorial team from the primary source with a published date.

Published by: V-Help.ru news desk

Source: BleepingComputer