A malicious PyPI package, ‘aiocpa’, was discovered to be injecting infostealer code into cryptocurrency wallets. This highlights the risk of malicious code injection into open-source software repositories and the importance of dependency management. The malicious actors did not use typosquatting techniques, but published a legitimate-looking crypto client to attract users.
