Skip to main content
    Fake Payment App Tools Stealing Information From Developers
    Cybersecurity
    2 min read

    Fake Payment App Tools Stealing Information From Developers

    Criminals created fake software tools that appeared to be from legitimate payment services like Paysafe and Skrill, targeting software developers with malware.

    Source

    BleepingComputer

    Original headline: Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Wednesday, July 8, 2026Updated Thursday, July 9, 20262 min read
    Share:

    Cybercriminals recently uploaded fake software packages to two popular developer platforms. These malicious packages pretended to be official tools from Paysafe, Skrill, and Neteller, which are legitimate payment services. When developers downloaded and used these fake tools, malware was installed on their computers that stole credentials and other sensitive information. This primarily affects software developers who use tools from NPM or PyPI in their work. However, if you use Paysafe, Skrill, or Neteller for online payments, there is a small risk that developers of apps or websites you use might have been compromised. The malware specifically targeted login credentials, which could allow criminals to access payment accounts or other sensitive systems.

    Here is what you should do right now:

    1. If you use Paysafe, Skrill, or Neteller, change your password immediately. Choose a strong, unique password you do not use anywhere else.
    2. Enable two-factor authentication on these payment accounts if you have not already done so.
    3. Review your recent transaction history on these platforms for any unauthorized activity.
    4. Check your email account password as well, since many people use the same password across multiple sites.
    5. If you are a software developer who uses NPM or PyPI, review your recent downloads and check your system for suspicious activity. This incident shows how criminals are getting creative about who they target. By attacking developers, they hope to gain access to many users at once. Always use unique passwords for financial accounts, and never reuse passwords across different services. Two-factor authentication remains one of the best protections available, adding a second verification step that stops criminals even if they steal your password.

    Protect Yourself

    Use our Cyber Threat Radar to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: BleepingComputer

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.