TechFlow reported on October 12 that, according to Cointelegraph, cybersecurity firm Checkmarx released a report revealing dangerous malware lurking on the Python Package Index (PyPI) platform. These malicious packages disguise themselves as decoder applications for popular wallets such as MetaMask, Atomic, and TronLink, but are actually capable of stealing sensitive user data including private keys and recovery phrases.
Checkmarx researchers stated that since these malicious packages were first discovered in March, despite PyPI implementing measures such as suspending new projects and new user accounts, they reappeared in early October and have accumulated over 3,700 downloads.




