WASP malware stings Python developers
2022-11-16 19:30

WASP malware is using steganography and polymorphism to evade detection with malicious Python packages designed to steal credentials, personal information, and cryptocurrency.

Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers.

PyPI, an open source repository that developers use to share Python packages, is an increasingly popular target for software supply chain attacks, in which attackers upload malicious code in fake packages.

The malicious package becomes an initial infection point if a developer loads it onto their system, with other malware following - in this case, the WASP info-stealing trojan.

After the malicious package is loaded, the setup script installs additional Python packages, including judyb, which provides the steganography capabilities.

The crook claimed he was working on an "Exe version" of the malware and was seen this week with a new identity - PyPI user "Halt" - uploading typosquatting packages that also use the Starjacking technique, which steals GitHub Stars from a legitimate package to make the malicious one look popular.
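
A defender-side check for the two tricks named above, as an added example that is not from the article or the researchers: StarJacking works by declaring another project's repository in the package metadata, so the code flags a package whose declared repository belongs to a different well-known package, or whose name is within a small edit distance of one. The allow-list, the sample metadata and the distance threshold are constructed assumptions.

```python
import re

# Assumed allow-list (constructed): well-known package -> its source repository.
KNOWN = {
    "requests": "github.com/psf/requests",
    "colorama": "github.com/tartley/colorama",
}

def normalize_name(name):
    # PEP 503: lowercase, runs of '-', '_' and '.' collapse to '-'.
    return re.sub(r"[-_.]+", "-", name).lower()

def normalize_repo(url):
    # Reduce a repository URL to host/owner/repo so variants compare equal.
    url = re.sub(r"^[a-z]+://(www\.)?", "", url.strip().lower())
    return re.sub(r"\.git$", "", url.rstrip("/"))

def edit_distance(a, b):
    # Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(name, repo_url, max_distance=2):
    name, repo = normalize_name(name), normalize_repo(repo_url or "")
    if name in KNOWN:
        return []  # the well-known package itself
    findings = []
    for known, known_repo in KNOWN.items():
        if repo == known_repo:
            findings.append(f"starjacking: declares repo of '{known}'")
        if edit_distance(name, known) <= max_distance:
            findings.append(f"typosquat: name close to '{known}'")
    return findings

SAMPLE = [  # constructed metadata, not real packages
    ("requests", "https://github.com/psf/requests"),
    ("reqeusts", "https://github.com/psf/requests.git"),
    ("fast-http-helper", "https://github.com/psf/requests/"),
    ("leftpad-tools", "https://github.com/example/leftpad-tools"),
]

if __name__ == "__main__":
    for pkg, url in SAMPLE:
        print(pkg, assess(pkg, url))
```

A finding here is a reason to review the package before installing it, not proof of malice: legitimate forks and plugins can share a repository or a similar name.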


News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/16/wasp_python_malware_checkmarx/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Python 27 10 87 73 27 197