Back to Insights
Threats4 min read8 July 2026

17 Fake Payment SDKs on npm and PyPI Stole API Keys and Cloud Credentials from Developers

A single attacker planted 17 counterfeit packages impersonating Paysafe, Skrill and Neteller on the two largest public code registries, silently harvesting secrets from any developer who installed them.

t2s
train2secure NewsdeskSecurity awareness team
A photoreal close-up of a developer's hands typing at a mechanical keyboard in a dimly lit office, with multiple termina

A single threat actor uploaded 17 malicious packages to npm and PyPI, the two dominant public code registries, disguising them as official software development kits for the payment brands Paysafe, Skrill and Neteller.

What happened and who found it

Researchers at Socket, an application security firm, discovered the campaign after spotting packages whose names closely mimicked legitimate payment SDKs. Names like `paysafe-checkout`, `paysafe-vault`, `skrill-sdk` and `neteller` sit comfortably on a developer's reading list. That familiarity was the whole point.

Paysafe processes payments for e-commerce, travel, gaming and software platforms. Skrill and Neteller are digital wallets favored by online betting operators, cryptocurrency exchanges and forex traders. A developer working in any of those sectors would think nothing of pulling in a Paysafe SDK on a given afternoon. Normal workflow. No red flags.

Socket confirmed the packages were live across both registries. npm serves JavaScript developers. PyPI serves the Python community. Together they see billions of downloads every month, which makes them attractive distribution channels for anyone who wants to reach a lot of machines quietly.

What the packages actually stole

The malicious code behaved credibly on the surface, even returning fake success responses during testing. Underneath, it ran a credential harvesting routine targeting Paysafe API keys, Amazon Web Services access keys, GitHub tokens and npm authentication tokens. It also collected each machine's hostname and username before sending the full package to an attacker-controlled server hosted on AWS infrastructure.

The npm variants were selective: they only transmitted data if a Paysafe API key was already present on the machine. The PyPI variants were less patient. They executed the theft routine immediately on import, with or without a target key in sight.

Both versions included basic sandbox-evasion logic. If a machine had fewer than two processor cores or its hostname resembled a researcher's test environment, the malware stayed silent. Not sophisticated, but enough to slow down casual automated analysis.

An API key is effectively a machine-readable password. Steal a Paysafe API key and you can impersonate that business to the payment processor. Steal AWS credentials and you may be able to spin up compute instances, read production databases, or empty a cloud billing account. The Verizon 2024 Data Breach Investigations Report found that stolen credentials appeared in 38 percent of all breaches, making credential harvesting the most consequential single attack primitive in wide circulation.

Which control failed here

This attack did not exploit a software vulnerability with a CVE number. It exploited developer trust and a structural weakness in the open-source supply chain: public registries allow anyone to publish packages under names that resemble legitimate tools. There is no cryptographic proof of publisher identity by default, no mandatory namespace verification and no automated malware gate that catches novel obfuscated payloads at upload time.

The missing control is dependency verification. Teams that enforce a verified publisher policy, pin dependency versions to specific cryptographic hashes, and run supply-chain scanning tools before any package reaches a build pipeline would have caught these packages before execution. Software composition analysis, described in NIST SP 800-218 (Secure Software Development Framework), calls for exactly this kind of pre-integration vetting as part of a mature development pipeline.

But there is a second, equally important failure: developers on affected teams had no trained instinct to pause before installing an unverified package with no release history, no public repository commits and no community engagement. Security awareness training that includes developer-specific modules on supply-chain hygiene gives engineers the reflex to check a package's provenance before running `pip install` or `npm install`, the same way a finance employee checks a wire-transfer request before approving it.

Should end users of Paysafe or Skrill be concerned

Not directly. The attack targeted software developers, not the payment platforms themselves. There is no public evidence that Paysafe's, Skrill's or Neteller's production systems were compromised. Customers should maintain standard account hygiene: monitor statements, treat unexpected account-related emails with suspicion, and enable any second-factor authentication option the platforms offer.

What affected developers must do now

Socket's guidance is direct. Any developer who may have installed one of the 17 packages should treat every secret on that machine as compromised and rotate immediately. That means:

  • Invalidating and reissuing all AWS IAM access keys associated with the affected machine or CI runner.
  • Revoking and regenerating GitHub personal access tokens and npm authentication tokens.
  • Rotating any Paysafe API keys tied to that environment.
  • Searching continuous integration logs for the string `PAYSAFE_API_KEY` alongside the flagged package names to determine whether the exfiltration routine triggered during an automated build.
  • Configuring a registry proxy or internal artifact mirror to block the listed package names outright.

Socket's researchers noted that whoever ran this campaign understood developer workflows well enough to target the right industries and craft plausible package names. They consider a follow-up campaign under different names a realistic possibility. Typosquatting on package registries is cheap, repeatable and needs to succeed only once to cause serious damage.

Teams that have not yet reviewed their dependency approval process should treat this incident as a practical prompt. A formal software bill of materials, combined with automated pre-install scanning and clear internal policy on acceptable package sources, closes most of the surface area this attacker exploited. The Train2Secure pricing page outlines developer-track training options for teams building those habits at scale.

How this attack could have been stopped

  • Train every developer to verify package provenance, publisher history and community activity before running any install command in a production-adjacent environment.
  • Implement software composition analysis scanning in CI pipelines so unrecognized or newly published packages are flagged before they execute on any machine.
  • Establish a formal secrets-rotation runbook so that if a developer machine is ever compromised, the response is instant and systematic rather than ad hoc.

Train2Secure offers developer-specific security awareness modules that build exactly the supply-chain instincts this campaign exposed as missing.

Start free, no card required

Frequently asked questions

Which packages should developers check for and remove immediately?

Search your installed packages for names following the pattern paysafe-checkout, paysafe-vault, skrill-sdk and neteller, plus any close variants. Socket published the full list of 17 names in their security advisory. If any are present, rotate all secrets on that machine before doing anything else.

Does this attack affect ordinary customers of Paysafe, Skrill or Neteller?

No direct risk has been identified for end users. The attack targeted developers who build software using these payment brands, not the platforms themselves. Customers should continue standard account hygiene but do not need to take emergency action.

How do attackers get malicious packages onto npm and PyPI in the first place?

Both registries allow anyone to publish packages. There is no mandatory identity verification tied to brand names, which means an attacker can upload a package called skrill-sdk with no affiliation to Skrill at all. Automated malware scanning exists but does not catch every novel obfuscated payload at upload time.

What is the fastest way to prevent this type of supply-chain attack going forward?

Pin all dependencies to verified cryptographic hashes, run software composition analysis tools before any package enters a build pipeline, and use an internal artifact registry that enforces an approved-package allowlist. Developer security awareness training that covers package provenance verification adds a human layer to those technical controls.

Ready to Reduce Your Human Cyber Risk?

Sign up and start training your team in minutes. No sales calls, no demos — just pick a plan and go. Phishing simulations, video courses, and certificates from day one.

train2secure analytics dashboard showing training completion stats and user progress