malware pypi
bitensor
discovered 2025-08-12bitensor is identified in the SafeDep analysis "Multiple Malicious Python Packages Targeting Bittensor Crypto Developers". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.
Threat types
credential_stealer data_exfiltration rat persistence crypto_drainer typosquat
Malicious versions
- 9.9.4
- 9.9.5
Campaigns
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttp T1059.006 Command and Scripting Interpreter: Pythonuses
- ttp T1036 Masqueradinguses
- ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
- ttp T1041 Exfiltration Over C2 Channeluses
- ttp T1552.004 Unsecured Credentials: Private Keysuses
- ttp T1105 Ingress Tool Transferuses
- ttp T1071.001 Application Layer Protocol: Web Protocolsuses
- ttp T1071.004 Application Layer Protocol: DNSuses
- ttp T1546 Event Triggered Executionuses
