Fake Paysafe and Skrill SDKs on npm and PyPI Steal CI/CD Secrets
17 malicious packages masquerading as payment processor SDKs exfiltrate API keys, AWS credentials, and GitHub tokens from developer environments. Packages flagged within 6 minutes of upload.
Security researchers at Socket identified 17 malicious packages across npm and PyPI on July 7, all masquerading as legitimate SDKs for PaySafe, Skrill, and Neteller payment services. The packages harvest Paysafe API keys, AWS credentials, GitHub tokens, and npm tokens from developer machines and CI/CD pipelines, exfiltrating them to attacker-controlled infrastructure.
Socket's automated scanning flagged the packages within six minutes of publication. But in an ecosystem where developers routinely install dozens of dependencies without manual review, even brief availability windows create risk.
The Malicious Packages
The campaign deployed 13 packages to npm and 4 to PyPI, each published in versions 1.0.0 through 1.0.3:
npm packages: paysafe-checkout, paysafe-vault, neteller, skrill-payments, paysafe-js, paysafe-api, paysafe-node, paysafe-cards, paysafe-fraud, paysafe-kyc, skrill, skrill-sdk, paysafe-payments
PyPI packages: paysafe-kyc, paysafe-payments, paysafe-sdk, paysafe-api
The package names closely mirror what a developer might search for when integrating payment processing. The official Paysafe documentation doesn't ship packages with these exact names, but developers unfamiliar with the official integration approach might install the fakes.
Credential Harvesting Behavior
The npm and PyPI variants use different activation triggers. On npm, the stealer code activates when the fake SDK is actually called with a Paysafe API key present—meaning the theft occurs during integration testing or production use. The PyPI packages activate automatically on import, requiring no additional triggering.
Both variants target similar credential sets: Paysafe API keys, AWS access keys, GitHub tokens, npm tokens, hostname, username, and API usage metadata. The inclusion of npm tokens is particularly dangerous—compromised tokens could enable further supply chain attacks by pushing malicious updates to legitimate packages the developer maintains.
The C2 infrastructure uses ngrok-free.dev domains, which provide free, ephemeral tunnel endpoints that are difficult to preemptively block.
Sandbox Evasion
The packages include anti-analysis features. Before exfiltrating credentials, they check for common sandbox indicators: fewer than two CPU cores, or hostnames and usernames containing strings like "sandbox", "analyzer", "cuckoo", "virus", "malware", "vmware", or "vbox". If any check matches, the script terminates without reaching the exfiltration phase.
This evasion technique explains why automated security scanning might miss the malicious behavior during basic dynamic analysis. Sandboxes meeting these criteria see clean execution.
Why Payment SDKs
Paysafe, Skrill, and Neteller serve sectors with high transaction volumes and correspondingly valuable API credentials: e-commerce, online gaming, cryptocurrency exchanges, and forex trading platforms. Compromised Paysafe API keys could enable fraudulent transactions. AWS and GitHub credentials provide lateral movement into cloud infrastructure and source code repositories.
The ChocoPOC supply chain attack we covered yesterday targeted security researchers through fake exploit code. This campaign targets a different developer population—fintech integrators—using the same fundamental approach: poison the supply chain with plausible-looking packages.
Detection and Response
Organizations using any of the named packages should immediately:
- Rotate all potentially exposed credentials including Paysafe API keys, AWS access keys, GitHub tokens, and npm tokens
- Audit CI/CD logs for connections to ngrok-free.dev domains
- Review npm/PyPI dependency additions from the past week for unexpected packages
- Check package-lock.json and requirements.txt for the listed malicious package names
- Implement dependency scanning tools that check packages against known-malicious registries
The rapid flagging by Socket demonstrates the value of automated supply chain security scanning. But the six-minute publication-to-detection window still allowed potential installations. For organizations integrating payment processing, manual verification of SDK sources against official vendor documentation remains essential.
Broader Context
This campaign adds to a growing list of supply chain attacks targeting developer tooling. The combination of typosquatting, credential harvesting, and sandbox evasion represents a mature attack pattern. The attacker demonstrated "sufficient technical capability," according to Socket, though specific attribution remains unavailable.
For more on protecting development environments, see our cybersecurity tools covering supply chain security scanners and dependency auditing solutions.
Related Articles
npm Typosquat Packages Drop PowerShell RAT Targeting Chrome Creds
Three malicious packages impersonating PostCSS tools deploy a multi-stage Windows RAT. The payload steals saved passwords by bypassing Chrome's app-bound encryption.
Jun 24, 2026Malicious Sicoob NuGet Package Steals Banking Certs as npm Campaign Targets AWS Keys
A fake Sicoob SDK on NuGet exfiltrated PFX certificates and banking credentials from Brazilian developers, while 14 malicious npm packages harvested AWS keys, Vault tokens, and CI/CD secrets.
May 30, 2026Leaked Shai-Hulud Code Spawns npm Infostealer With DDoS Capabilities
Leaked Shai-Hulud malware source code fuels new npm supply chain attack. Four malicious packages steal credentials and deploy DDoS bot with TCP/UDP flood capabilities.
May 22, 2026SAP npm Packages Backdoored in TeamPCP Supply Chain Attack
Four official SAP CAP ecosystem packages compromised on April 29, harvesting developer credentials, cloud secrets, and CI/CD tokens through malicious preinstall scripts.
May 1, 2026