Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious npm and PyPI packages were used to distribute stealer malware targeting developers and users of Paysafe, Skrill, and Neteller payment applications. The campaign stole credentials and access tokens, exfiltrating data to an AWS-hosted command-and-control server while posing as legitimate payment SDKs. #Paysafe #Skrill #Neteller #AWS #npm #PyPI

Keypoints

  • At least 17 malicious packages were published across npm and PyPI.
  • The packages impersonated Paysafe, Skrill, and Neteller SDKs.
  • They stole credentials, API keys, tokens, and other secrets from developers.
  • Exfiltrated data was sent to a command-and-control server on AWS.
  • Attackers used basic anti-analysis checks and could switch between ecosystems.

Read More: https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/