Security News > 2023 > February > 451 PyPI packages install Chrome extensions to steal crypto
Over 450 malicious PyPI python packages were found installing malicious browser extensions to hijack cryptocurrency transactions made through browser-based crypto wallets and websites.
This discovery is a continuation of a campaign initially launched in November 2022, which initially started with only twenty-seven malicious PyPi packages, and now greatly expanding over the past few months.
These packages are being promoted through a typosquatting campaign that impersonates popular packages but with slight variations, such as an altered or swapped character.
The goal is to deceive software developers into downloading these malicious packages instead of the legitimate ones.
To hijack cryptocurrency transactions, the malicious PyPi packages will create a malicious Chromuim browser extension in the '%AppData%Extension' folder, similar to the November 2022 attacks.
For a complete list of the malicious packages that should be avoided, check the bottom section of Phylum's report.