CyberWire Daily

Crypto client or cyber trap? [Research Saturday]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

🗓️ 4 January 2025

⏱️ 21 minutes

Summary

Karlo Zanki, Reverse Engineer at ReversingLabs, discusses their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: "Malicious PyPI crypto pay package aiocpa implants infostealer code."

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:45.1

Hello everyone, and welcome to the CyberWire's Research Saturday.

0:55.8

I'm Dave Bittner, and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

1:03.7

solving some of the hard problems and protecting ourselves in a rapidly evolving cyberspace.

1:09.5

Thanks for joining us.

1:16.2

So in this case, the detection was triggered by a machine learning model,

1:22.8

and we have a review procedure of those detections

1:27.4

to see which are true positives

1:29.8

and determine what type of malware in this case we had.

1:35.8

That's Karlo Zanki, reverse engineer at ReversingLabs.

1:39.4

The research we're discussing today is titled

1:42.1

Malicious PyPI crypto pay package implants

1:45.6

infostealer code.

1:51.0

So you get that indication from the automation and what motivated your team to dig deeper into the package?

2:02.5

Well, in this case, we have a package we have previously seen to have clean versions.

2:09.0

So usually when we encounter most of the malware in public package repositories,

...
