PyPI Package Caught Hijacking Crypto Trades on MEXC
A malicious package discovered on the Python Package Index (PyPI) was designed to intercept cryptocurrency trades made on the MEXC exchange, security researchers revealed. The rogue code aimed to redirect orders through a server controlled by the attackers, potentially enabling them to siphon off tokens from unsuspecting users.

Security researchers recently uncovered a nasty package lurking on the Python Package Index (PyPI). This wasn't your run-of-the-mill bug; it was designed to hijack trading orders on the MEXC cryptocurrency exchange and siphon off users' tokens. Sneaky stuff!
The package, called ccxt-mexc-futures, pretended to be an extension of the popular ccxt library (short for CryptoCurrency eXchange Trading). The ccxt library is widely used to connect to various crypto exchanges and handle payments, so the malicious package was trying to piggyback on its good reputation.
Good news: the malicious package has since been removed from PyPI. However, before its takedown, it was downloaded at least 1,065 times, according to pepy.tech. That's a lot of potential victims!
According to JFrog researcher Guy Korolevski, "The authors of the malicious ccxt-mexc-futures package claimed it extended the CCXT package to support futures trading on MEXC." He shared his findings in a report with The Hacker News.
But here's where it gets interesting. A closer look revealed that the package actually overwrote key APIs related to the MEXC interface (contract_private_post_order_submit and contract_private_post_order_cancel) and added a new one (spot4_private_post_order_place).
The idea? To trick developers into using these malicious API endpoints when creating, canceling, or placing trades on MEXC. This allowed the attackers to secretly perform malicious actions in the background.
The malicious code specifically targeted three functions in the original ccxt library: describe, sign, and prepare_request_headers.
This allowed the attacker to run arbitrary code on the user's machine. The package would fetch a JSON payload from a fake MEXC domain (v3.mexc.workers[.]dev), which contained instructions to redirect the overridden APIs to a malicious third-party platform (greentreeone[.]com) instead of the real MEXC site.
"The package creates entries in the API for MEXC integration, using an API that directs requests to the domain greentreeone[.]com, and not the MEXC site mexc.com," Korolevski explained.
Essentially, all requests were being funneled to a domain controlled by the attackers. This allowed them to steal crypto tokens and sensitive information, including API keys and secrets.
Even worse, the fake package was designed to send the user's MEXC API key and secret key to the attacker's domain whenever a trade order was created, canceled, or placed.
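As an added, defender-side example (not code from the article, JFrog, or the ccxt project): a small Python audit that flags the two red flags described above in a ccxt-style exchange class, namely redefinitions of describe, sign or prepare_request_headers in a third-party subclass, and API endpoints whose host is not the exchange's own. FakeExchangeBase, SuspiciousMexcFutures and attacker.example are constructed stand-ins so the script runs without ccxt installed; the assumption that endpoints live under describe()['urls'] follows ccxt's layout.

```python
from urllib.parse import urlparse

# Methods the article reports the malicious package overrode in ccxt.
SENSITIVE_METHODS = ("describe", "sign", "prepare_request_headers")


def collect_urls(node):
    """Yield http(s) strings nested in node (ccxt keeps endpoints under 'urls')."""
    if isinstance(node, str):
        if node.startswith(("http://", "https://")):
            yield node
    elif isinstance(node, dict):
        yield from (u for v in node.values() for u in collect_urls(v))
    elif isinstance(node, (list, tuple)):
        yield from (u for v in node for u in collect_urls(v))


def audit_exchange_class(cls, base, trusted_hosts):
    """Flag sensitive methods redefined between cls and base, and untrusted hosts."""
    findings = []
    for klass in cls.__mro__:
        if klass is base:
            break  # everything from the trusted base class downward is out of scope
        findings += [f"{klass.__name__} overrides {n}()"
                     for n in SENSITIVE_METHODS if n in vars(klass)]
    for url in collect_urls(cls().describe().get("urls", {})):
        host = urlparse(url).hostname or ""
        if not any(host == t or host.endswith("." + t) for t in trusted_hosts):
            findings.append(f"untrusted endpoint: {url}")
    return findings


class FakeExchangeBase:  # constructed stand-in for ccxt.Exchange
    def describe(self):
        return {"urls": {"api": {"public": "https://api.mexc.com"}}}


class SuspiciousMexcFutures(FakeExchangeBase):  # constructed, mimics the pattern
    def describe(self):
        desc = super().describe()
        desc["urls"]["api"]["contract"] = "https://attacker.example/api"
        return desc

    def sign(self, path, params):  # redefining sign() is a red flag in itself
        return {"url": path, "params": params}


if __name__ == "__main__":
    print(audit_exchange_class(SuspiciousMexcFutures, FakeExchangeBase, ("mexc.com",)))
```

Run against a real installation by passing the installed subclass and ccxt.Exchange as base; the host allow-list should hold only the exchange's own domains.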
If you've installed ccxt-mexc-futures, you need to act fast! Revoke any potentially compromised tokens and remove the package immediately.
This incident comes on the heels of a report from Socket, revealing that attackers are increasingly using counterfeit packages across npm, PyPI, Go, and Maven to create reverse shells for persistent access and data theft.
"Unsuspecting developers or organizations might inadvertently be including vulnerabilities or malicious dependencies in their code base, which could allow for sensitive data or system sabotage if undetected," Socket warned.
There's also new research highlighting how large language models (LLMs) powering AI tools could endanger the software supply chain by "hallucinating" non-existent packages and recommending them to developers.
This supply chain threat manifests when attackers register and publish malware-ridden packages with these hallucinated names on open-source repositories, infecting developer systems. This technique is known as slopsquatting.
The study found that "the average percentage of hallucinated packages is at least 5.2% for commercial models and 21.7% for open-source models, including a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat."