A popular Python library used for building Bitcoin wallets has become the target of malware.
According to ReversingLabs, the malicious package attempted to overwrite valid commands in order to extract sensitive database files.
Researchers say bitcoinlib is a "widely used open-source library" that allows crypto wallets to be created and managed—attracting more than one million downloads since its launch.
Named "bitcoinlibdbfix" and "bitcoinlib-dev," the malware had been masquerading as solutions to an issue that had caused error messages to appear during Bitcoin transfers.
Researchers claim that the rogue developers responsible joined a discussion on GitHub to lobby for their libraries, but other developers recognized this as a scam.
The two packages are no longer available for download, and therefore do not pose any risk to developers.
ReversingLabs claims that the packages were detected by sophisticated algorithms that determine whether packages behave similarly to previous malware.
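Projects that pinned dependencies while the packages were live can still check their requirement files for the two names, or for other names built around "bitcoinlib". The sketch below is an added example, not code from ReversingLabs or the bitcoinlib project; the prefix/suffix look-alike rule is an assumption of this example (not ReversingLabs' detection method), and the sample lines, versions and the `bitcoinlib-hotfix` name are constructed.

```python
import re

TRUSTED = {"bitcoinlib"}                           # the legitimate library named in the article
KNOWN_BAD = {"bitcoinlibdbfix", "bitcoinlib-dev"}  # the two rogue names named in the article

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the normalized distribution name from a requirements/pip-freeze line."""
    line = line.split("#", 1)[0].strip()           # drop trailing comments
    if not line or line.startswith("-"):           # blank lines and options such as -r
        return None
    match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
    return normalize(match.group(0)) if match else None

def audit(lines):
    """Return (name, reason) for each entry that is, or resembles, a rogue package."""
    bad = {normalize(n) for n in KNOWN_BAD}
    findings = []
    for line in lines:
        name = requirement_name(line)
        if name is None or name in TRUSTED:
            continue
        if name in bad:
            findings.append((name, "known malicious package"))
            continue
        squashed = name.replace("-", "")
        # Assumed heuristic: trusted name used as a prefix or suffix of another
        # name. A hit is a prompt for manual review, not proof of malice.
        for trusted in TRUSTED:
            if squashed.startswith(trusted) or squashed.endswith(trusted):
                findings.append((name, f"look-alike of {trusted}"))
                break
    return findings

# Constructed sample input (versions are placeholders).
SAMPLE = [
    "requests==0.0.0",
    "bitcoinlib==0.0.0   # the real library",
    "BitcoinLib_Dev==0.0.0",
    "bitcoinlibdbfix",
    "bitcoinlib-hotfix>=0.0.0",
    "-r base.txt",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

Normalizing first matters because pip treats `BitcoinLib_Dev` and `bitcoinlib-dev` as the same project, so a case or separator change does not hide a pinned rogue package.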
Experts say this automation is a crucial source of protection against "the rising tide of software supply chain attacks targeting cryptocurrency," and proves effective even if malware isn't accompanied by social engineering attacks.
"The number of new packages that get published on a daily basis is posing a challenge for security organizations, and ML model-based detection is currently the best answer that the security industry can provide," ReversingLabs engineer Karlo Zanki said.
It is the latest in a series of campaigns aimed at crypto developers.
Kaspersky first warned about malware distribution through GitHub repositories in February. If downloaded, it could hijack the victim's keyboard and replace wallet addresses with ones controlled by the attackers.
A variant of XCSSET that is capable of taking screenshots, recording what a Telegram user does, and stealing data has been discovered.
Stacy Elliott is the editor.