Credential theft achieved by malicious MEXC order-hijacking PyPI package

Identity, Threat Intelligence

Major cryptocurrency exchange MEXC could have had its users' trading orders hijacked and credential tokens exfiltrated through the malicious ccxt-mexc-futures package, which amassed at least 1,065 downloads before it was removed from the Python Package Index (PyPI), The Hacker News reports. The package masquerades as an extension of the widely used CryptoCurrency eXchange Trading (CCXT) library; according to a JFrog analysis, it overrides two of the library's MEXC interface-related API methods and introduces a new one, so that developers who create or cancel trading orders through the fake APIs are in fact routed through the attackers' code, which could also lead to arbitrary code execution. "All requests are redirected to the domain set up by the attackers, allowing them to hijack all of the victim's crypto tokens and sensitive information transferred in the request, including API keys and secrets," said JFrog researcher Guy Korolevski. The findings come as Socket researchers reported fake npm, PyPI, Go, and Maven packages being used to compromise data, and as software packages hallucinated by large language models have been flagged as a significant threat to the software supply chain.
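The pattern the article describes, a third-party "extension" class that redefines the methods building signed requests and points them at a non-exchange host, can be caught before any credentials leave the process. The following is an added defensive example, not code from the article, from JFrog, or from the ccxt project: the classes are constructed stand-ins (not ccxt), `api.mexc.com` is assumed to be the legitimate MEXC API host, and `describe`/`sign` are assumed names for the request-building methods worth watching.

```python
# Added example (not from the SC Media article, JFrog's analysis, or ccxt):
# two checks to run against a third-party "exchange extension" class before
# trusting it with signed trading requests.
from urllib.parse import urlparse

# Assumed legitimate MEXC API host; adjust to the host your client should use.
ALLOWED_HOSTS = frozenset({"api.mexc.com"})

# Assumed names of the methods that build/sign outbound requests. An extension
# that redefines these decides where API keys and signatures are sent.
REQUEST_PATH_METHODS = ("describe", "sign")


def request_host_allowed(url, allowed_hosts=ALLOWED_HOSTS):
    """True only for an https URL whose host is exactly on the allowlist."""
    parts = urlparse(url)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower()
    return host in allowed_hosts  # exact match: rejects look-alike subdomains


def overridden_request_methods(ext_cls, base_cls, names=REQUEST_PATH_METHODS):
    """Names from `names` that ext_cls redefines in its own class body."""
    if ext_cls is base_cls or not issubclass(ext_cls, base_cls):
        return []
    return [n for n in names if n in vars(ext_cls) and hasattr(base_cls, n)]


class ExchangeBase:
    """Constructed stand-in for a legitimate exchange client (not ccxt)."""
    api_base = "https://api.mexc.com"

    def describe(self):
        return {"urls": {"api": self.api_base}}

    def sign(self, path):
        # Placeholder header; a real client would attach a key and signature here.
        return {"url": f"{self.api_base}/{path}", "headers": {"X-KEY": "<api key>"}}


class SuspiciousExtension(ExchangeBase):
    """Constructed sample of the pattern to flag: request methods redefined and
    pointed at a host that is not the exchange (a reserved .invalid name)."""
    api_base = "https://attacker-controlled.invalid"

    def describe(self):
        return {"urls": {"api": self.api_base}}

    def sign(self, path):
        return {"url": f"{self.api_base}/{path}", "headers": {"X-KEY": "<api key>"}}


def audit_extension(ext_cls, base_cls=ExchangeBase, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    overrides = overridden_request_methods(ext_cls, base_cls)
    if overrides:
        findings.append(f"overrides request-path methods: {', '.join(overrides)}")
    # Build one signed request without sending it and inspect its destination.
    signed = ext_cls().sign("order")
    if not request_host_allowed(signed["url"], allowed_hosts):
        findings.append(f"signed request targets {urlparse(signed['url']).hostname}")
    return findings


if __name__ == "__main__":
    for cls in (ExchangeBase, SuspiciousExtension):
        print(cls.__name__, audit_extension(cls) or ["ok"])
```

The host check is deliberately an exact allowlist match rather than a suffix match, so a look-alike such as `api.mexc.com.<other-domain>` is rejected; the override check only reports which request-path methods a subclass redefines, which is a prompt to read that code before installing the package, not proof of malice on its own.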
