April 1, 2023

Attackers are using W4SP stealer, for creating fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers.

W4SP, a trojan that is designed to steal crypto information, exfiltrate sensitive data, and collect credentials from developers’ systems.

A threat actor has created 29 clones of popular software packages on PyPI, giving them benign sounding names or purposefully giving them names similar to legitimate packages, a practice known as typosquatting.

Advertisements

Open source software components distributed through repository services, such as PyPI and the NPM are a popular vector of attacks, as the number of dependencies imported into software has grown dramatically.

These packages are a more sophisticated attempt to deliver the W4SP Stealer onto Python developer’s machines, and the ongoing attack constantly changing tactics and its difficult to predict the outcome.

The eventual goal of the attack is to install the information-stealing Trojan W4SP Stealer, which enumerates the victim’s system, steals browser stored passwords, targets cryptocurrency wallets.

Advertisements

Researchers made some progress in identifying the attacker and has sent reports to the companies whose infrastructure is being used. Till now 5700 downloads of the malicious package has been made.

This research was documented by researchers from Phylum.

Tags:

Leave a Reply

You may have missed

Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
QNAP Critical Sudo Vulnerability

QNAP Critical Sudo Vulnerability

March 31, 2023
AlienFox Malware Toolset -SwissArmy Knife

AlienFox Malware Toolset -SwissArmy Knife

March 31, 2023
3CX Application Malvertised

3CX Application Malvertised

March 31, 2023
Microsoft Azure Super FabriXss Bug

Microsoft Azure Super FabriXss Bug

March 31, 2023
%d bloggers like this: