
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
py-base58
Advanced tools
This module is highly consistent with a supply-chain backdoor/dropper. On import, it retrieves an embedded binary payload, writes it to a hidden per-user directory with executable permissions for all users, installs cron-based persistence to execute the dropped binary periodically, and performs anti-forensics by deleting packaging metadata directories and __pycache__. The included Base58 utilities appear unrelated to the host-impacting behavior and are likely incidental or decoy code. Treat the package as malicious unless proven otherwise by independent inspection of the referenced sibling payload module and runtime behavior.
base58 — Fast base58 encoding/decoding for Python.
A simple, dependency-free implementation of Base58/Base58Check encoding used by Bitcoin and other cryptocurrency address formats.
FAQs
Fast Base58 and Base58Check encoding for Python (bitcoin-style)
The pypi package py-base58 receives a total of 0 weekly downloads. As such, py-base58 popularity was classified as not popular.
We found that py-base58 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.