Security News > 2022 > December > W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names

Threat actors have published yet another round of malicious packages to Python Package Index with the goal of delivering information-stealing malware on compromised developer machines.

W4SP Stealer primarily functions to siphon user data, including credentials, cryptocurrency wallets, Discord tokens, and other files of interest.

The campaign distributing W4SP Stealer gained traction around October 2022, although indications are that it may have started as far back as August 25, 2022.

Since then dozens of additional bogus packages containing W4SP Stealer have been published on PyPI by the persistent threat actors.

The surge in new copycat variants dovetails with GitHub's takedown of the repository that held the original W4SP Stealer source code, indicating that cybercriminals likely not affiliated with the operation are also weaponizing the malware to attack PyPI users.

The software supply chain security firm, which kept tabs on the threat actor's Discord channel, further noted that a previously flagged package under the name of pystyle was trojanized by BillyTheGoat to distribute the stealer.

News URL

https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html