Bittensor Typosquat Campaign
PyPI typosquats of the Bittensor SDK (bitensor, bittenso, bittenso-cli, qbittensor) that backdoor crypto and AI developers, steal wallet credentials and use DNS tunneling as a fallback exfiltration channel.
discovered 2025-08-12
Objective
Steal Bittensor wallet credentials from crypto and AI developers.
Packages
Techniques
- ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttpT1059.006 Command and Scripting Interpreter: Pythonuses
- ttpT1036 Masquerading: package impersonation and typosquattinguses
- ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
- ttpT1041 Exfiltration Over C2 Channeluses
- ttpT1552.004 Unsecured Credentials: Private Keysuses
- ttpT1105 Ingress Tool Transferuses
- ttpT1071.001 Application Layer Protocol: Web Protocolsuses
- ttpT1071.004 Application Layer Protocol: DNSuses
- ttpT1546 Event Triggered Executionuses
