UK To Introduce Comprehensive Crypto Rules - 1

Image by Muhammad Asyfaul, from Unsplash

UK To Introduce Comprehensive Crypto Rules

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

The UK will draft comprehensive crypto regulations in 2024, focusing on stablecoins, staking, and competing with US and EU developments.

In a Rush? Here are the Quick Facts!

  • Stablecoins and staking will be part of a unified crypto regulation regime.
  • Stablecoins will no longer fall under existing payment services regulation.
  • Industry seeks clearer rules to avoid staking being classified as an investment scheme.

The UK government, under Prime Minister Keir Starmer, plans to draft a regulatory framework for the cryptocurrency sector early next year, Economic Secretary to the Treasury Tulip Siddiq announced at a conference in London on Thursday, as first reported by Bloomberg .

TechCrunch notes that this move follows the UK introducing an new bill to classify crypto assets like Bitcoin and NFTs as “personal property,” offering them greater legal protection. The initiative aims to help the UK keep pace with developments in the US and Europe, says Bloomberg.

The framework will address stablecoins — cryptocurrencies tied to stable assets like the US dollar — and staking services, where investors lock up tokens to support blockchain operations in return for a yield, says Bloomberg.

These rules will form part of a single overarching regime for cryptoassets. “Doing everything in a single phase is simpler and it just makes more sense,” said Siddiq as reported by Bloomberg.

Stablecoins will no longer be regulated under the UK’s existing payment services framework, which Siddiq described as inappropriate given their “current use cases,” says Bloomberg.

The UK is also aiming to counter the pull of President-elect Donald Trump’s administration in the US, which has made efforts to attract crypto businesses, according to Bloomberg.

Uncertainty over UK legislation has caused hesitation among companies, particularly as the EU’s comprehensive Markets in Cryptoassets regulation is set to take effect by the end of the year.

In addition, the industry is seeking a carve-out for staking to avoid it being classified as a collective investment scheme, a designation that would subject it to stricter oversight.

Siddiq indicated alignment with this view, saying, “For me, it doesn’t make sense for staking services to have this treatment. The government intends to proceed with removing this legal uncertainty accordingly,” reports Bloomberg.

The Labour government’s proactive approach follows its landslide victory in July’s general election, signaling a push to provide clarity and foster growth in the UK’s crypto sector, notes Bloomberg.

Malware Hidden In Python Packages Affects Developers Worldwide - 2

Image by DC Studio, from Freepik

Malware Hidden In Python Packages Affects Developers Worldwide

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Two malicious Python packages on PyPI mimicked AI tools but secretly installed JarkaStealer malware, stealing sensitive data from over 1,700 users.

In a Rush? Here are the Quick Facts!

  • Two malicious Python packages on PyPI installed JarkaStealer malware on users’ systems.
  • The packages mimicked AI tools but secretly stole sensitive data from users.
  • JarkaStealer malware collects data like browser info, session tokens, and system details.

Kaspersky’s cybersecurity experts have discovered two malicious Python packages on the Python Package Index (PyPI), a widely used software repository, as announced on Thursday.

These packages claimed to help developers interact with advanced language models like GPT-4 Turbo and Claude AI but were actually designed to install malware called JarkaStealer.

The packages, named “gptplus” and “claudeai-eng,” appeared legitimate, with descriptions and examples showing how they could be used to create AI-powered chats.

In reality, they only pretended to work by using a demo version of ChatGPT. Their actual purpose was to deliver malware. Hidden in the code was a mechanism that downloaded and installed JarkaStealer, compromising the user’s system.

If Java wasn’t already installed, the packages would even fetch and install it from Dropbox to ensure the malware could run.

These malicious packages were available for more than a year, during which they were downloaded over 1,700 times by users in more than 30 countries.

The malware targeted confidential data such as browser information, screenshots, system details, and even session tokens for applications like Telegram, Discord, and Steam. This stolen data was sent to attackers and then erased from the victim’s computer.

JarkaStealer is a dangerous tool often used to collect sensitive information. The source code was also found on GitHub, suggesting that the people distributing it on PyPI may not have been its original authors.

PyPI administrators have since removed these malicious packages, but similar threats could appear elsewhere.

Developers who installed these packages should delete them immediately and change all passwords and session tokens used on affected devices. While the malware doesn’t persist on its own, it could have already stolen critical information.

To stay safe, developers are encouraged to carefully inspect open-source software before use, including checking the publisher’s profile and package details.

For added security, tools that detect threats in open-source components can be included in development processes to help prevent such attacks.