Cybercriminals pose as "helpful" Stack Overflow users to push malware
2024-05-29 23:22

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware: answering users' questions by promoting a malicious PyPI package that installs Windows information-stealing malware.

Sonatype researcher Ax Sharma discovered that this new PyPI package is part of a previously known 'Cool package' campaign, named after a string in the package's metadata, that targeted Windows users last year.

Notice how the package has the "Cool package" string in the Summary metadata field, indicating it is part of this ongoing campaign.
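
A check for the indicator described above, added here as an example and not taken from the article or from Sonatype: it reads the Summary field of package metadata and flags the "Cool package" string. The sample metadata and package names are constructed, and the helper names are hypothetical.

```python
from email.parser import HeaderParser
from importlib import metadata

# Marker reported in the article; compared case-insensitively.
CAMPAIGN_MARKER = "cool package"

def summary_of(metadata_text):
    """Return the Summary header from core-metadata text (METADATA / PKG-INFO)."""
    headers = HeaderParser().parsestr(metadata_text)
    return (headers.get("Summary") or "").strip()

def is_suspect(summary):
    """True if the Summary contains the marker, ignoring case and extra spaces."""
    return CAMPAIGN_MARKER in " ".join(summary.lower().split())

def scan_metadata(docs):
    """docs maps a label to METADATA text; returns the labels that match."""
    return sorted(name for name, text in docs.items() if is_suspect(summary_of(text)))

def scan_installed():
    """Check every distribution installed in the current environment."""
    hits = []
    for dist in metadata.distributions():
        meta = dist.metadata
        if is_suspect(meta.get("Summary") or ""):
            hits.append((meta.get("Name") or "<unnamed>", meta.get("Version") or "?"))
    return sorted(hits)

# Constructed samples (hypothetical package names, not taken from the article).
CONSTRUCTED_SAMPLES = {
    "flagged-exact": "Metadata-Version: 2.1\nName: flagged-exact\nVersion: 0.0.1\nSummary: Cool package.\n",
    "flagged-spacing": "Metadata-Version: 2.1\nName: flagged-spacing\nVersion: 1.0\nSummary: COOL   Package\n",
    # Marker appears only in the long description (body), not in Summary.
    "clean-body-only": "Metadata-Version: 2.1\nName: clean-body-only\nVersion: 2.0\n"
                       "Summary: HTTP helper\n\nSummary: Cool package\n",
    "clean-no-summary": "Metadata-Version: 2.1\nName: clean-no-summary\nVersion: 3.0\n",
}

if __name__ == "__main__":
    print("constructed samples:", scan_metadata(CONSTRUCTED_SAMPLES))
    for name, version in scan_installed():
        # A hit is a triage lead: the phrase is generic, so review before acting.
        print(f"review: {name} {version}")
```
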

Malicious packages like this are usually promoted using names similar to other popular packages, a process called typo-squatting.

With this package, the threat actors took a more novel approach by answering questions on Stack Overflow and promoting the package as a solution.

While malicious PyPI packages and information-stealers are nothing new, the cybercriminals' strategy to pose as helpful contributors on Stack Overflow is an interesting approach, as it allows them to exploit the trust and authority of the site in the coding community.
