A malicious PyPI package, ‘aiocpa’, disguised as a legitimate cryptocurrency client tool, implanted infostealer code to compromise cryptocurrency wallets. The attackers used a stealthier approach, publishing their own tool rather than impersonating existing packages. This highlights the risks of using third-party open-source packages without proper security assessment and version pinning. Machine learning-based threat hunting proved crucial in detecting the malicious package.
