Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

BleepingComputer
Actively Exploited

Overview

Recently, malicious packages were discovered on the Node Package Manager (npm) and the Python Package Index (PyPI) that specifically targeted users of Paysafe, Skrill, and Neteller payment applications. These packages delivered stealer malware, which is designed to capture sensitive credentials from users. Developers and other users who unwittingly downloaded these harmful packages are at risk of having their account information compromised. This incident raises significant concerns about the security of popular software repositories and highlights the need for vigilance among developers when sourcing packages. Users of these payment platforms should immediately review their account security and monitor for any unauthorized access.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Paysafe, Skrill, Neteller applications
  • Action Required: Users should review their account security and monitor for unauthorized access.
  • Timeline: Newly disclosed

Original Article Summary

Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. [...]

Impact

Paysafe, Skrill, Neteller applications

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should review their account security and monitor for unauthorized access. Developers should avoid using unverified packages and ensure they are sourcing software from trusted repositories.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Related Coverage

As Global Conflicts Go Digital, Businesses Need Wartime Gameplans

darkreading

The article discusses the impact of cyberwarfare on businesses, using the example of a Ukrainian tax software company that has suffered due to the ongoing conflict in Ukraine. This situation illustrates how cyberattacks can extend their reach far beyond the immediate battlefield, affecting companies worldwide. Businesses in other countries, especially those connected to or reliant on technology, need to recognize the risks posed by cyber conflicts and take proactive measures to safeguard their operations. It emphasizes the necessity for companies to develop strategic plans to respond to potential cyber threats stemming from global conflicts. This is particularly relevant as the nature of warfare evolves into a digital arena.

Jul 9, 2026

UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge

SecurityWeek

On July 7, 2026, the UK government announced its Agentic AI Defense Plan, aiming to enhance the nation's cybersecurity capabilities. This initiative comes alongside a pledge from various industry players to strengthen cooperation in tackling cyber threats. The government is prioritizing the integration of artificial intelligence to better predict and respond to cyber incidents. This move is significant as it reflects a proactive approach to safeguarding sensitive information and critical infrastructure against increasingly sophisticated cyberattacks. By fostering collaboration between public and private sectors, the UK aims to build a more resilient cybersecurity framework.

Jul 9, 2026

AI Gateways Offer Attackers the Keys to the Kingdom

darkreading

A recent cryptomining incident has revealed that AI gateways can be exploited by attackers to gain access to sensitive resources like AI models, cloud infrastructure, and identity and access management (IAM) data. This situation raises concerns for organizations that rely on these technologies, as it highlights vulnerabilities that could be leveraged for unauthorized activities. The incident serves as a warning that companies need to reassess their security measures around AI and cloud systems to prevent similar breaches. As these technologies become more integrated into business operations, the potential for exploitation increases, making it essential for users to understand the risks involved. The implications of such breaches could be significant, affecting not only data security but also operational integrity.

Jul 9, 2026

Microsoft to retire the OWA Light client in Exchange Server

BleepingComputer

Microsoft is set to retire the Outlook Web Access (OWA) Light client in an upcoming update to Exchange Server. This lightweight version of the email client was designed for users with limited bandwidth or older devices. The discontinuation means that users relying on OWA Light will need to transition to the standard OWA client, which could impact their ability to access email if their devices or connections are not compatible. Microsoft has not yet specified a timeline for the retirement or provided detailed guidance on the transition process. This change could affect organizations with users who depend on the lighter version for remote access, potentially disrupting their workflow.

Jul 9, 2026

Police arrests 5,800 suspects in global anti-fraud crackdown

BleepingComputer

In a significant global crackdown on fraud, law enforcement agencies have arrested 5,811 suspects across 97 countries and confiscated $293 million in illegal assets. This operation, which involved collaboration between various international police forces, aimed to dismantle networks involved in scams and financial fraud. The arrests included individuals associated with tech support scams, online shopping fraud, and money laundering. These efforts are crucial in combating the growing trend of online fraud, which affects countless victims worldwide and undermines trust in digital transactions. The scale of this operation underscores the need for continued vigilance and cooperation among nations to tackle cybercrime effectively.

Jul 9, 2026

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

The Hacker News

Microsoft has addressed a significant vulnerability in its Defender antivirus software, dubbed RoguePlanet, which was made public nearly a month ago. This flaw, tracked as CVE-2026-50656, has a CVSS score of 7.8, indicating a high risk of privilege escalation. It affects the Microsoft Malware Protection Engine, specifically the 'mpengine.dll' component responsible for scanning and cleaning malware. If exploited, this vulnerability could allow attackers to gain SYSTEM privileges on affected systems, posing a serious security risk. Users of Microsoft Defender are urged to apply the latest security updates to protect their systems from potential exploitation.

Jul 9, 2026