Security News > 2022 > November > W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack

An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date.
"The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as the attacker claims that these tools are undetectable to increase sales."
The attack is just the latest threat to target the software supply chain.
The installation of the package ultimately makes way for W4SP Stealer, an information stealer engineered to exfiltrate Discord accounts, passwords, crypto wallets, and other files of interest to a Discord Webhook.
"The level of manipulation used by software supply chain attackers is increasing as attackers get increasingly more clever," Harush noted.
"This is the first time [I've] seen polymorphic malware used in software supply chain attacks."
News URL
https://thehackernews.com/2022/11/w4sp-stealer-constantly-targeting.html
Related news
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)
- Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed (source)
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)