Home Security Researchers Uncover 29 Malicious PyPI Packages Focused Builders with W4SP Stealer

Researchers Uncover 29 Malicious PyPI Packages Focused Builders with W4SP Stealer

by crpt os


Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers’ machines with a malware called W4SP Stealer.

“The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22,” software supply chain security company Phylum said in a report published this week.

The list of offending packages is as follows: typesutil, typestring, sutiltype, duonet, fatnoob, strinfer, pydprotect, incrivelsim, twyne, pyptext, installpy, faq, colorwin, requests-httpx, colorsama, shaasigma, stringe, felpesviadinho, cypress, pystyte, pyslyte, pystyle, pyurllib, algorithmic, oiu, iao, curlapi, type-color, and pyhints.

Collectively, the packages have been downloaded more than 5,700 times, with some of the libraries (e.g., twyne and colorsama) relying on typosquatting to trick unsuspecting users into downloading them.

The fraudulent modules repurpose existing legitimate libraries by inserting a malicious import statement in the packages’ “setup.py” script to launch a piece of Python code that fetches the malware from a remote server.

W4SP Stealer, an open source Python-based trojan, comes with capabilities to pilfer files of interest, passwords, browser cookies, system metadata, Discord tokens, as well as data from the MetaMask, Atomic and Exodus crypto wallets.

This is not the first time W4SP Stealer has been delivered through seemingly benign packages in the PyPI repository. In August, Kaspersky uncovered two libraries named pyquest and ultrarequests that were found to deploy the malware as a final payload.

CyberSecurity

The findings illustrate continued abuse of open source ecosystems to propagate malicious packages that are designed to harvest sensitive information and make way for supply chain attacks.

“As this is an ongoing attack with constantly changing tactics from a determined attacker, we suspect to see more malware like this popping up in the near future,” Phylum noted.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex