Security News > 2022 > November > Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer

Cybersecurity researchers have uncovered 29 packages in Python Package Index, the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer.

"The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," software supply chain security company Phylum said in a report published this week.

Collectively, the packages have been downloaded more than 5,700 times, with some of the libraries relying on typosquatting to trick unsuspecting users into downloading them.

The fraudulent modules repurpose existing legitimate libraries by inserting a malicious import statement in the packages' "Setup.py" script to launch a piece of Python code that fetches the malware from a remote server.

This is not the first time W4SP Stealer has been delivered through seemingly benign packages in the PyPI repository.

In August, Kaspersky uncovered two libraries named pyquest and ultrarequests that were found to deploy the malware as a final payload. The findings illustrate continued abuse of open source ecosystems to propagate malicious packages that are designed to harvest sensitive information and make way for supply chain attacks.

News URL

https://thehackernews.com/2022/11/researchers-uncover-29-malicious-pypi.html