Block malicious PyPI package set-utils that steals Ethereum private keys #771
Labels
Code Update 🔔
enhancement 👍 (New feature or request)
In-progress
Priority: Medium
Enhancement idea
set-utils that steals Ethereum private keys.
Description
A malicious PyPI package, 'set-utils', has been discovered by the Socket Research Team. This package, designed to steal Ethereum private keys, has been downloaded over 1,000 times since January 29, 2025. The package disguises itself as a simple utility for Python sets and mimics popular libraries like python-utils and utils. It targets Ethereum developers and organizations working with Python-based blockchain applications, including those using eth-account for wallet creation and management.
The package exfiltrates private keys via the Polygon RPC endpoint, making detection difficult. To mitigate this risk, developers and organizations should perform regular dependency audits and use automated scanning tools to detect anomalous or malicious behaviours in third-party packages.
Screenshots
n/a
Links
https://socket.dev/blog/new-pypi-malware-exfiltrates-ethereum-private-keys
IOC
I2P websites
n/a
IPFS websites
n/a
Tor2web websites
n/a
TOR websites
n/a
URL's
n/a
Folders
n/a
Sub-Domains
n/a
Domains
n/a
Package Names
Create folder: pypi-packages folder:
IP's
n/a
ASN's
n/a
Emails
n/a
Wallet addresses
n/a
Mining pool addresses
n/a
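One way to run the dependency audit recommended in the description, as an added example that is not part of the original issue or this project's tooling: it checks requirements lines against a blocklist of package names, applying PEP 503 name normalization so that spellings such as Set_Utils or set.utils still match set-utils. The function names and the sample requirements are constructed for illustration.

```python
import re

# Blocklist of normalized PyPI project names; "set-utils" is the package
# named in this issue. Extend the set with other blocked names as needed.
BLOCKED = {"set-utils"}

# A requirement line starts with the project name (PEP 508), optionally
# followed by extras, a version specifier or an environment marker.
_NAME = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def normalize(name):
    """PEP 503: runs of '-', '_' and '.' collapse to one '-', then lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(requirements_text, blocked=BLOCKED):
    """Return (line_number, line) for each requirement naming a blocked project."""
    hits = []
    for lineno, raw in enumerate(requirements_text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith(("#", "-")):  # blank, comment, pip option
            continue
        match = _NAME.match(line)
        if match and normalize(match.group(1)) in blocked:
            hits.append((lineno, raw.strip()))
    return hits


# Constructed sample requirements file, not taken from any real project.
SAMPLE = """\
# wallet tooling
eth-account>=0.10
python-utils==3.8.2
Set_Utils==1.0.0
set.utils[extra] ; python_version >= "3.8"
-r base.txt
setutils
"""

if __name__ == "__main__":
    for lineno, line in audit(SAMPLE):
        print(f"line {lineno}: blocked package -> {line}")
```

Names are compared only after normalization, so a different project such as setutils or set-utils-extra is not flagged by the set-utils entry.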