{"id":1569191,"date":"2025-03-07T08:57:36","date_gmt":"2025-03-07T10:57:36","guid":{"rendered":"https:\/\/teknomers.com\/fr\/ce-package-pypi-malveillant-a-vole-des-touches-privees-ethereum-via-des-transactions-rpc-polygonales\/"},"modified":"2025-03-07T08:57:42","modified_gmt":"2025-03-07T10:57:42","slug":"ce-package-pypi-malveillant-a-vole-des-touches-privees-ethereum-via-des-transactions-rpc-polygonales","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/ce-package-pypi-malveillant-a-vole-des-touches-privees-ethereum-via-des-transactions-rpc-polygonales\/","title":{"rendered":"Ce package PYPI malveillant a vol\u00e9 des touches priv\u00e9es Ethereum via des transactions RPC polygonales"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">07 mars 2025<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Malware \/ blockchain<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Ce-package-PYPI-malveillant-a-vole-des-touches-privees-Ethereum.png\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Les chercheurs en cybers\u00e9curit\u00e9 ont d\u00e9couvert un package Python malveillant sur le r\u00e9f\u00e9rentiel Python Package Index (PYPI) qui est \u00e9quip\u00e9 pour voler les cl\u00e9s priv\u00e9es Ethereum d&#8217;une victime en usurpant l&#8217;identit\u00e9 de biblioth\u00e8ques populaires.<\/p>\n<p>Le package en question est <a rel=\"noopener nofollow\" href=\"https:\/\/pypi.org\/project\/set-utils\/\" target=\"_blank\">set-utils<\/a>qui a re\u00e7u <a rel=\"noopener nofollow\" href=\"https:\/\/pepy.tech\/projects\/set-utils\" target=\"_blank\">1 077 t\u00e9l\u00e9chargements<\/a> \u00e0 ce jour. Il n&#8217;est plus disponible en t\u00e9l\u00e9chargement \u00e0 partir du registre officiel.<\/p>\n<p>&#8220;Disgu\u00e9 en un utilitaire simple pour les ensembles de python, le package imite les biblioth\u00e8ques largement utilis\u00e9es comme Python-utils (712m + t\u00e9l\u00e9chargements) et les utils (23,5m + t\u00e9l\u00e9chargements)&#8221; <a rel=\"noopener nofollow\" href=\"https:\/\/socket.dev\/blog\/new-pypi-malware-exfiltrates-ethereum-private-keys\" target=\"_blank\">dit<\/a>.<\/p>\n<p>&#8220;Cette tromperie informe les d\u00e9veloppeurs sans m\u00e9fiance dans l&#8217;installation du package compromis, accordant aux attaquants un acc\u00e8s non autoris\u00e9 aux portefeuilles Ethereum.&#8221;<\/p>\n<div class=\"dog_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener sponsored\" href=\"https:\/\/thehackernews.uk\/cloud-secure-d\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybers\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Mozilla-met-a-jour-les-termes-de-Firefox-apres-le.jpg\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Le package vise \u00e0 cibler les d\u00e9veloppeurs et les organisations Ethereum travaillant avec des applications de blockchain bas\u00e9es sur Python, en particulier les biblioth\u00e8ques de gestion des portefeuilles bas\u00e9es sur Python comme Eth-Account.<\/p>\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Ce-package-PYPI-malveillant-a-vole-des-touches-privees-Ethereum.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2025\/03\/Ce-package-PYPI-malveillant-a-vole-des-touches-privees-Ethereum.jpg\" alt=\"Paquet PYPI malveillant\" border=\"0\" data-original-height=\"853\" data-original-width=\"1189\" title=\"Paquet PYPI malveillant\"\/><\/a><\/div>\n<p>En plus d&#8217;incorporer la cl\u00e9 publique RSA de l&#8217;attaquant \u00e0 utiliser pour chiffrer les donn\u00e9es vol\u00e9es et un compte Ethereum Sender sous leur contr\u00f4le, la biblioth\u00e8que accroche des fonctions de cr\u00e9ation de portefeuille comme &#8220;From_key ()&#8221; et &#8220;From_mnewMonic ()&#8221; pour intercepter les cl\u00e9s priv\u00e9es car elles sont g\u00e9n\u00e9r\u00e9es sur la machine compromise.<\/p>\n<p>Dans une tournure int\u00e9ressante, les touches priv\u00e9es sont exfiltr\u00e9es dans les transactions de blockchain via le point de terminaison RPC du polygone &#8220;RPC-AMOY.Polygon.Technology&#8221; dans le but de r\u00e9sister aux efforts de d\u00e9tection traditionnels qui surveillent les demandes http suspectes.<\/p>\n<p>&#8220;Cela garantit que m\u00eame lorsqu&#8217;un utilisateur cr\u00e9e avec succ\u00e8s un compte Ethereum, sa cl\u00e9 priv\u00e9e est vol\u00e9e et transmise \u00e0 l&#8217;attaquant&#8221;, a d\u00e9clar\u00e9 Socket. &#8220;La fonction malveillante fonctionne dans un fil d&#8217;arri\u00e8re-plan, ce qui rend la d\u00e9tection encore plus difficile.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant? Suivez-nous <a rel=\"noopener nofollow\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Gazouillement <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"noopener nofollow\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">Liendin<\/a> Pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2025\/03\/this-malicious-pypi-package-stole.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80207 mars 2025\ue804Ravie LakshmananMalware \/ blockchain Les chercheurs en cybers\u00e9curit\u00e9 ont d\u00e9couvert un package Python malveillant sur le r\u00e9f\u00e9rentiel Python Package Index (PYPI) qui est \u00e9quip\u00e9 pour voler les cl\u00e9s priv\u00e9es Ethereum d&#8217;une victime en usurpant l&#8217;identit\u00e9 de biblioth\u00e8ques populaires. Le package en question est set-utilsqui a re\u00e7u 1 077 t\u00e9l\u00e9chargements \u00e0 ce jour. Il [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1569192,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[274266,274265,4168,79002,274264,4161,274263,6124,133,30972,7733,274267,4160,7878,284998,19699,69497,266400,238617,246491,4172,79016,2008,5490,4166,1661,4164],"class_list":["post-1569191","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-de-piratage","tag-actualites-des-pirates","tag-comment-pirater","tag-cyber-security-news","tag-cyber-security-news-aujourdhui","tag-cyber-mises-a-jour","tag-cyber-nouvelles","tag-cyberattaques","tag-des","tag-ethereum","tag-malveillant","tag-malware-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-package","tag-polygonales","tag-privees","tag-pypi","tag-rpc","tag-securite-de-linformation","tag-securite-du-reseau","tag-securite-informatique","tag-the-hacker-news","tag-touches","tag-transactions","tag-violation-de-donnees","tag-vole","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1569191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1569191"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1569191\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1569192"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1569191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1569191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1569191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}