17 npm, PyPI Packages Found Typosquatting Payment SDKs PaySafe, Skrill, and Neteller

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Campaign Uncovered: Socket detected 17 malicious npm and PyPI packages typosquatting PaySafe, Skrill, and Neteller SDKs.
  • Rapid Detection: Each npm package shipped versions 1.0.0–1.0.3 and was flagged as malware within 6 minutes.
  • Data Theft: The packages harvest API keys, tokens, and secrets, exfiltrating them to AWS infrastructure.

Socket researcher Joseph Edwards uncovered a coordinated typosquatting campaign on July 7, 2026, involving 17 malicious packages published across npm and PyPI. The packages target developers of the PaySafe, Skrill, and Neteller payment Software Development Kits (SDKs), ultimately stealing credentials and tokens, Socket said.

The near-simultaneous release across ecosystems shows an attacker able to pivot between platforms, complicating detection for defenders who monitor only one registry.

Coordinated npm and PyPI Attack

The campaign spanned two major registries, with 13 malicious packages on npm and 4 on PyPI. Each npm package published four versions, 1.0.0 through 1.0.3, and Socket's AI scanner detected every one as malware within 6 minutes of publication:

Attackers use a fake SDK facade | Source: Socket
Attackers use a fake SDK facade | Source: Socket

The affected PyPI packages each published 1 malicious version (1.0.0) up to now, according to the July 7 report:

Fake SDK Facade and Sandbox Evasion

The packages mimic legitimate payment SDKs to appear trustworthy. In one example, a fake PaySafe REST client successfully without ever contacting real PaySafe endpoints. 

Before exfiltrating anything, the malware checks for analysis environments and skips exfiltration when it detects fewer than two CPU cores or hostnames and usernames containing terms like sandbox, analyzer, cuckoo, virus, malware, vmware, and vbox.

C2 Encoding and Credential Theft

The command-and-control (C2) hostname is hidden behind three decoding steps. The malware then harvests environment variables matching KEY, SECRET, TOKEN, PASS, AUTH, or API and sends them to AWS infrastructure. 

The resolved ngrok IP previously served as C2 for infostealers like NjRAT, suggesting shared or borrowed criminal infrastructure.

Socket recommends the following actions:

Last week, fake Perplexity AI Chromium Extension was seen hijacking browser search via a typosquatted domain, and the FBI warned malicious actors utilize FIFA-related typo squatting and alternate top-level domains to harvest sensitive data last month.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: