Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Summary: Cybersecurity researchers identified malicious libraries in the Python Package Index (PyPI) designed to steal sensitive information, including a fully automated carding script targeting WooCommerce stores. These libraries, masquerading as legitimate fixes, attracted significant downloads before being removed. The malicious activities included exfiltrating credit card details through automated transactions while mimicking legitimate shopping behavior.

Affected: Python Package Index (PyPI), WooCommerce

Key points:

  • Two malicious packages pretended to fix issues in a legitimate module, while a third targeted WooCommerce transactions.
  • The embedded malicious code aimed to steal sensitive database files and test stolen credit cards against legitimate merchant systems.
  • The automated carding script was downloaded over 34,000 times, allowing attackers to validate stolen credit card information without detection.

Source: https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html