Skip to main content
← SIGNALS
[TECH]

Malicious Payment SDK Packages Target Developers on npm and PyPI

Socket has revealed that malicious payment SDK packages on npm and PyPI are compromising developer credentials and CI/CD environments, with 17 packages identified.

Editorial StaffJuly 8, 20261 MIN READ
Malicious Payment SDK Packages Target Developers on npm and PyPI

According to a report by Socket, a significant security threat has emerged in the form of malicious payment SDK packages found on npm and PyPI. These packages are designed to harvest sensitive developer credentials and CI/CD environment variables.

Socket's scanning infrastructure has detected a total of 17 malicious packages that have been deployed across these platforms. The implications of this malware are severe, as it poses a risk to the integrity of development environments.

Developers are urged to exercise caution and review their dependencies, ensuring that they are not using any compromised packages. This incident highlights the ongoing challenges in maintaining security within software development ecosystems.