Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to a malicious server and steal tokens.
The package, ccxt-mexc-futures, purports to be an extension built on top of a popular Python library named ccxt (short for CryptoCurrency eXchange Trading), which is used to connect and trade with several cryptocurrency exchanges and facilitate payment processing services.
The malicious package is no longer available on PyPI, but statistics on pepy.tech shows that it has been downloaded at least 1,065 times.
“The authors of the malicious ccxt-mexc-futures package, claim in its README file that it extends the CCXT package to support ‘futures’ trade on MEXC,” JFrog researcher Guy Korolevski said in a report shared with The Hacker News.
However, a deeper examination of the library has revealed that it specifically overrides two APIs associated with the MEXC interface — contract_private_post_order_submit and contract_private_post_order_cancel — and introduces a new one named spot4_private_post_order_place.
In doing so, the idea is to trick developers into calling these API endpoints to create, cancel, or place a trading order on the MEXC exchange and stealthily perform malicious actions in the background.
The malicious modifications particularly target three different MEXC-related functions present in the original ccxt library, viz. ֵdescribe, sign, and prepare_request_headers.
This makes it possible to execute arbitrary code on the local machine on which the package is installed, effectively retrieving a JSON payload from a bogus domain impersonating MEXC (“v3.mexc.workers[.]dev”), which contains a configuration to direct the overridden APIs to a malicious third-party platform (“greentreeone[.]com”) as opposed to the actual MEXC website.
“The package creates entries in the API for MEXC integration, using an API that directs requests to the domain greentreeone[.]com, and not the MEXC site mexc.com,” Korolevski said.
“All requests are redirected to the domain set up by the attackers, allowing them to hijack all of the victim’s crypto tokens and sensitive information transferred in the request, including API keys and secrets.”
What’s more, the fraudulent package is engineered to send the MEXC API key and secret key to the attacker-controlled domain whenever a request is sent to create, cancel, or place an order.
Users who have installed ccxt-mexc-futures are recommended to revoke any potentially compromised tokens and remove the package with immediate effect.
The development comes as Socket revealed that threat actors are making use of counterfeit packages across npm, PyPI, Go, and Maven ecosystems to launch a reverse shell to maintain persistence and exfiltrate data.
“Unsuspecting developers or organizations might inadvertently be including vulnerabilities or malicious dependencies in their code base, which could allow for sensitive data or system sabotage if undetected,” the software supply chain security company said.
It also follows new research that delves into how large language models (LLMs) powering generative artificial intelligence (AI) tools could endanger the software supply chain by hallucinating non-existent packages and recommending them to developers.
The supply chain threat comes into play when malicious actors register and publish malware-laced packages with the hallucinated names to open-source repositories, infecting developer systems in the process – a technique referred to as slopsquatting.
The academic study found that “the average percentage of hallucinated packages is at least 5.2% for commercial models and 21.7% for open-source models, including a staggering 205,474 unique examples of hallucinated package names, further underscoring the severity and pervasiveness of this threat.”
