malware pypi

bittenso

discovered 2025-08-12

bittenso is identified in the SafeDep analysis "Multiple Malicious Python Packages Targeting Bittensor Crypto Developers". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.

more…

Threat types

credential_stealer data_exfiltration rat persistence crypto_drainer typosquat

Malicious versions

9.9.5

Campaigns

Bittensor Typosquat Campaignattributed-to

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.006 Command and Scripting Interpreter: Pythonuses
ttp T1036 Masqueradinguses
ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
ttp T1041 Exfiltration Over C2 Channeluses
ttp T1552.004 Unsecured Credentials: Private Keysuses
ttp T1105 Ingress Tool Transferuses
ttp T1071.001 Application Layer Protocol: Web Protocolsuses
ttp T1071.004 Application Layer Protocol: DNSuses
ttp T1546 Event Triggered Executionuses

Read the full analysis →