Seventeen malicious packages were published simultaneously to npm and PyPI, posing as Paysafe, Skrill, and Neteller software development kits while silently stealing credentials, researchers at Socket report.
Scope and delivery: 17 fake SDKs on npm and PyPI
Socket identified 17 malicious packages uploaded to the Node Package Manager (npm) and the Python Package Index (PyPI) that impersonated legitimate payment SDKs. The full list of package names reported by Socket is:
- npm/paysafe-checkout
- npm/paysafe-vault
- npm/neteller
- npm/skrill-payments
- npm/paysafe-js
- npm/paysafe-api
- npm/paysafe-node
- npm/paysafe-cards
- npm/paysafe-fraud
- npm/paysafe-kyc
- npm/skrill
- npm/skrill-sdk
- npm/paysafe-payments
- pypi/paysafe-kyc
- pypi/paysafe-payments
- pypi/paysafe-sdk
- pypi/paysafe-api
Socket reported that the 13 npm packages contained four malicious releases, versions 1.0.0 through 1.0.3, while the four PyPI packages each contained one malicious release, 1.0.0.
How the packages behaved: fake APIs, fake successes, real theft
Each package pretended to be a legitimate payment SDK and exposed the expected APIs. Instead of forwarding calls to Paysafe’s backend services, the fake SDKs returned fabricated success responses to the calling application. That ruse hid the true intent: embedded code that searched the host for secrets and exfiltrated them to a command-and-control server hosted on Amazon Web Services (AWS).
What was taken, and when the theft activates
Socket’s analysis shows the exfiltrated items included Paysafe API keys, AWS keys, GitHub tokens, npm tokens, hostnames, usernames, and metadata about API usage. The activation behavior differed between ecosystems:
- npm packages: the data-theft module attempted exfiltration only if a Paysafe API key was present and activated when the fake SDK was invoked.
- PyPI packages: the data-theft routine activated automatically upon module initialization and did not require a Paysafe API key to be present.
The choice to return expected API responses while harvesting credentials enabled the packages to remain functionally useful to the application and reduce the likelihood of immediate detection.
Technical safeguards and attribution signals
Socket observed basic anti-analysis checks in the malware. The malicious code stopped execution if it detected fewer than two CPU cores or if the hostname or username contained cues suggesting a virtualized or analysis environment. Socket concluded the actor shows sufficient technical skill to operate across ecosystems and warned the campaign may return in a more organized fashion.
Socket also noted that the attacker’s ability to pivot between ecosystems—npm and PyPI—complicates defense when defenders have visibility into only one registry or language ecosystem.
What this means for developers, security teams, and registries
Developers integrating payment SDKs: If any of the listed packages were installed, Socket recommends immediately rotating all secrets on any machine that imported or executed the package. Developers should search dependency trees for the package names used in the campaign and remove any matches.
Continuous Integration (CI) and security teams: Socket advises searching CI logs for occurrences of PAYSAFE_API_KEY in combination with any of the listed package names. Teams are also urged to deny requests for the malicious package names at the registry proxy level to prevent accidental reinstalls.
Registry operators and procurement teams: The cross-ecosystem nature of this campaign demonstrates the value of supply-chain controls that span multiple language registries. Denying the specific package names at proxy or gateway layers and monitoring for reuploads are immediate mitigations Socket recommends.
Conclusion
This campaign exemplifies a straightforward but effective supply-chain technique: mimic expected SDK behavior to avoid breaking callers, while harvesting and exfiltrating secrets behind the scenes. Socket’s concrete recommendations—rotate secrets, search dependency trees, block packages at proxy, and inspect CI logs for PAYSAFE_API_KEY signatures—are immediate steps organizations identified at risk can take now. The unresolved question Socket highlights is operational: whether the actor behind these uploads will refine their tooling and return with broader or more persistent campaigns that further blur the lines across language ecosystems.




