Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Summary
Malicious software packages masquerading as legitimate SDKs for Paysafe, Skrill, and Neteller have been discovered on NPM and PyPI. These packages are designed to steal user credentials, posing a significant risk to developers and users of these payment platforms.
IFF Assessment
The discovery of malicious packages designed to steal credentials represents a direct threat to users and developers, impacting the security of financial transactions and sensitive data.
Defender Context
This incident highlights the ongoing threat of malicious packages in software supply chains, particularly targeting popular development platforms like npm and PyPI. Defenders should exercise extreme caution when incorporating third-party libraries and implement robust dependency scanning and validation processes to identify and mitigate such risks.