Over 450 malicious Python packages were discovered using typosquatting to steal cryptocurrency. For each popular package it imitated, the threat actor registered between 13 and 38 typosquatted names, covering a broad range of keystroke mistakes that would cause a developer to install the malicious package instead of the one they intended. The malicious packages install a malicious browser extension that hijacks cryptocurrency transactions made through browser-based crypto wallets and websites. This is another example of why you need to do due diligence and scan your open source components before using them.
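As an added illustration of the check the segment calls for (this is example code written for this write-up, not code from the podcast or from the researchers who reported the campaign): a small typosquat detector that normalizes package names the way the index does, measures edit distance against a known-good list, and flags any requirement that sits within a couple of keystrokes of a popular name without being it. The known-good list and the requirements.txt contents are constructed for the example; the popular names chosen are an assumption and are not the set of packages the campaign imitated.

```python
from __future__ import annotations

import re
from typing import Iterable

# Constructed "known good" set for this example. These are real, widely used
# package names, but this is NOT the target list from the reported campaign.
LEGIT_PACKAGES = {"requests", "colorama", "pyyaml", "cryptography", "numpy"}


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, and any run of '-', '_' or '.'
    collapses to a single '-', so names compare the way the index compares them."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insert, delete, substitute, or swap two adjacent characters, each at cost 1.
    The swap matters because transposed letters are a very common typo."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def typo_variants(name: str) -> set[str]:
    """Single-keystroke mistakes for one name: dropped character, doubled
    character, and adjacent transposition. This is the kind of name set an
    attacker registers en masse to catch mistyped installs of a popular package."""
    out: set[str] = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i + 1:])                      # dropped
        out.add(name[:i] + name[i] + name[i:])                # doubled
        if i + 1 < len(name) and name[i] != name[i + 1]:
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposed
    out.discard(name)
    return out


def requirement_name(line: str):
    """Pull the project name out of a requirements.txt line; skip comments,
    blank lines and pip options such as '-r other.txt'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    return re.split(r"[\s\[<>=!~;@]", line, maxsplit=1)[0]


def flag_typosquats(requested: Iterable[str], legit: Iterable[str] = LEGIT_PACKAGES,
                    max_distance: int = 2) -> dict[str, str]:
    """Return {requested_name: closest_known_name} for every requested name that is
    not itself a known package but lies within max_distance edits of one."""
    legit_norm = {normalize(p) for p in legit}
    hits: dict[str, str] = {}
    for raw in requested:
        n = normalize(raw)
        if n in legit_norm:
            continue  # exact (normalized) match: this is the real package
        best = min(legit_norm, key=lambda p: osa_distance(n, p))
        if osa_distance(n, best) <= max_distance:
            hits[raw] = best
    return hits


def check_requirements(text: str, legit: Iterable[str] = LEGIT_PACKAGES) -> dict[str, str]:
    """Run the typosquat check over the contents of a requirements.txt."""
    names = [n for n in (requirement_name(line) for line in text.splitlines()) if n]
    return flag_typosquats(names, legit)


# Constructed requirements.txt for the example: 'requets' and 'colorma' are
# deliberate one-keystroke misspellings, the other two are real names.
SAMPLE_REQUIREMENTS = """\
# constructed sample
requets==2.31.0
colorma>=0.4
numpy
flask
"""

if __name__ == "__main__":
    for bad, good in check_requirements(SAMPLE_REQUIREMENTS).items():
        dist = osa_distance(normalize(bad), good)
        print(f"{bad!r} is {dist} edit(s) from {good!r}: likely typosquat, do not install")
    print(len(typo_variants("requests")), "one-keystroke variants of 'requests'")
```

Run it against a real requirements file by swapping in the project's own dependencies and a known-good list built from the packages the team actually uses. `typo_variants` is there to make the attacker's side concrete: even a single eight-letter name spawns dozens of plausible misspellings, which is why a campaign registers a dozen or more variants per target rather than one.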
This segment was created for the It’s 5:05 podcast