Malicious PyPI Package Hijacks MEXC Orders, Steals Crypto Tokens

JFrog Security Research has identified a malicious package named "ccxt-mexc-futures" that poses a significant threat by exploiting the legitimate CryptoCurrency eXchange Trading (CCXT) Python package, which is widely used for cryptocurrency trading. The malicious package impersonates the original CCXT functionality to hijack trading API requests, redirecting them to a fake server designed to steal sensitive information such as API keys and crypto tokens. It utilizes sophisticated obfuscation techniques and a fraudulent domain that mimics the MEXC exchange, misleading users into believing their trades are legitimate. In response, JFrog Xray has been updated to detect this threat, encouraging users to revoke compromised tokens and remove the package to secure their trading accounts.