Security News > 2023 > February > Devs targeted by W4SP Stealer malware in malicious PyPi packages
Five malicious packages were found on the Python Package Index, stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers.
PyPI is a software repository for packages created in the Python programming language.
Between January 27 and January 29, 2023, a threat actor uploaded five malicious packages containing the 'W4SP Stealer' information-stealing malware to PyPi.
The vast majority of these downloads occurred in the first couple of days following the initial upload of the packages, which incentivizes these malicious actors to try uploading the same code onto PyPI via new packages and through a new account when they get banned.
While Fortinet did not identify the type of information-stealing malware, BleepingComputer identified the malware as W4SP Stealer, which has become heavily abused in packages on PyPI. The malware first steals data from web browsers, such as Google Chrome, Opera, Brave Browser, Yandex Browser, and Microsoft Edge.
As package repositories, such as PyPi and NPM, are now commonly used to distribute malware, developers must analyze the code in packages before adding them to their projects.