Malware Package Analysis: aiocpa
On 2024-11-21, PyPI was notified about a malware attack with few details. Upon further investigation, we found that the maintainer was injecting obfuscated code that will exfiltrate credentials to a specific Telegram bot. The credentials include tokens, API servers, and other Crypto Pay-related data, and it is unknown to PyPI Security whether these have been used in any manner.
The project has been removed from PyPI.
If you have installed any versions of aiocpa
,
audit your usage of the library and consider alternatives.
This may also appear as cryptopay
on disk,
as that's the internal name of this particular module --
which is not the same as the PyPI package cryptopay
-- a completely different package.