← All stories
● Covered by 1 source Β· 1 reportHigh impact

Malicious SDKs on npm and PyPI Target Paysafe, Skrill, and Neteller Users

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

At least 17 malicious packages on npm and PyPI masqueraded as legitimate Paysafe, Skrill, and Neteller SDKs, deploying credential-stealing malware. This attack could compromise sensitive user data, impacting developers and businesses relying on these payment services.

Key points

Overview of the Attack

Malicious software was discovered in multiple packages on the Node Package Manager (npm) and Python Package Index (PyPI), designed to impersonate official Paysafe, Skrill, and Neteller SDKs. The threat actor published 17 versions that infiltrated developer environments with malicious intent.

Impact on Developers and Users

Developers use these SDKs to integrate secure payment options into applications. The compromised packages exfiltrate sensitive data including API keys and user credentials to an AWS-hosted command-and-control server.

Given the popularity of these payment platforms, the attack could potentially affect a significant number of e-commerce sites, online marketplaces, and forex trading platforms.

Details of the Malicious Packages

The identified packages included names such as 'npm/paysafe-checkout' and 'pypi/paysafe-sdk'. Each npm package had versions from 1.0.0 to 1.0.3, while PyPI packages only had a single version. These packages pretended to provide legitimate SDK functionality but returned fake success responses instead of genuine backend communications.

Data Theft Mechanism

The malicious code embedded in these packages specifically targets credentials and sensitive keys, highlighting a coordinated effort to exploit vulnerabilities in developer workflows. The npm packages activate data exfiltration only when a Paysafe API key is detected, whereas the PyPI versions initiate this process upon initialization.

Conclusion and Recommendations

This incident underlines the critical need for developers to verify package integrity before integration. Increased vigilance in monitoring package sources and employing security measures can mitigate risks associated with such attacks.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Reporting from

At least 17 malicious packages on npm and PyPI masqueraded as legitimate Paysafe, Skrill, and Neteller SDKs, deploying credential-stealing malware. This attack could compromise sensitive user data, impacting developers and businesses relying on these payment services.