- Jul 27, 2015
Attackers continue to create fake Python packages and use rudimentary obfuscation techniques in an attempt to infect developers' systems with the W4SP Stealer, a Trojan designed to steal cryptocurrency information, exfiltrate sensitive data, and collect credentials from developers' systems.
According to an advisory published this week by software supply chain firm Phylum, a threat actor has created 29 clones of popular software packages on Python Package Index (PyPI), giving them benign-sounding names or purposefully giving them names similar to legitimate packages, a practice known as typosquatting. If a developer downloads and loads the malicious packages, the setup script also installs — through a number of obfuscated steps — the W4SP Stealer Trojan. The packages have accounted for 5,700 downloads, researchers said.
While W4SP Stealer targets cryptocurrency wallets and financial accounts, the most significant objective of the current campaigns appears to be developer secrets, says Louis Lang, co-founder and CTO at Phylum.
Threat actors continue to push malicious Python packages to the popular PyPI service, striking with typosquatting, authentic sounding file names, and hidden imports to fool developers and steal their information.