{"campaign":{"name":"Bittensor Typosquat Campaign","slug":"bittensor-typosquat-campaign","href":"/ti/campaigns/bittensor-typosquat-campaign","description":"PyPI typosquats of the Bittensor SDK (bitensor, bittenso, bittenso-cli, qbittensor) that backdoor crypto and AI developers, steal wallet credentials and use DNS tunneling as a fallback exfiltration channel.","objective":"Steal Bittensor wallet credentials from crypto and AI developers.","aliases":[],"discovered_at":"2025-08-12"},"packages":[{"ecosystem":"pypi","name":"bitensor","href":"/ti/packages/pypi/bitensor","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4","9.9.5"]},{"ecosystem":"pypi","name":"bittenso-cli","href":"/ti/packages/pypi/bittenso-cli","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"]},{"ecosystem":"pypi","name":"qbittensor","href":"/ti/packages/pypi/qbittensor","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"]},{"ecosystem":"pypi","name":"bittenso","href":"/ti/packages/pypi/bittenso","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.5"]}],"indicators":[],"ttps":[{"name":"Supply Chain Compromise: Compromise Software Dependencies and Development Tools","mitre_attack_id":"T1195.001","href":"/ti/ttps/T1195.001"},{"name":"Command and Scripting Interpreter: Python","mitre_attack_id":"T1059.006","href":"/ti/ttps/T1059.006"},{"name":"Masquerading: package impersonation and typosquatting","mitre_attack_id":"T1036","href":"/ti/ttps/T1036"},{"name":"Unsecured Credentials: Credentials In Files","mitre_attack_id":"T1552.001","href":"/ti/ttps/T1552.001"},{"name":"Exfiltration Over C2 Channel","mitre_attack_id":"T1041","href":"/ti/ttps/T1041"},{"name":"Unsecured Credentials: Private Keys","mitre_attack_id":"T1552.004","href":"/ti/ttps/T1552.004"},{"name":"Ingress Tool Transfer","mitre_attack_id":"T1105","href":"/ti/ttps/T1105"},{"name":"Application Layer Protocol: Web Protocols","mitre_attack_id":"T1071.001","href":"/ti/ttps/T1071.001"},{"name":"Application Layer Protocol: DNS","mitre_attack_id":"T1071.004","href":"/ti/ttps/T1071.004"},{"name":"Event Triggered Execution","mitre_attack_id":"T1546","href":"/ti/ttps/T1546"}],"related_campaigns":[],"reports":[{"title":"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers","url":"https://safedep.io/malicious-python-packages-target-crypto-developers","published_at":"2025-08-12"}]}