430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

29 malicious PyPI packages spotted delivering the W4SP Stealer

Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems. Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer. “It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on […]

PyPi

Cybersecurity researchers discovered 29 malicious PyPI packages delivering the W4SP stealer to developers’ systems.

Cybersecurity researchers have discovered 29 packages in the official Python Package Index (PyPI) repository designed to infect developers’ systems with an info-stealing malware dubbed W4SP Stealer.

“It appears that these packages are a more sophisticated attempt to deliver the W4SP Stealer on to Python developer’s machines by hiding a malicious importstates security firm Phylum. “Similar to this attacker’s previous attempts, this particular attack starts by copying existing popular libraries and simply injecting a malicious import statement into an otherwise healthy codebase.”

The attack started around October 12, 2022 and peaked on October 22. The malicious import was simply injected into either the setup.py or the init.py in the majority of packages, especially the earlier ones.

Threat actors changed tactics over the time and started taking advantage of Python’s seldomly used semicolon to hide the malicious code onto the same line as other legitimate code.

PyPi

The researchers also observed the attacker attempting to evade detection without using the import statement in a few packages. In these cases, attackers used the setup.py file to try and pip install one of the other malicious packages that did have the malicious code.

Below is a list of the suspicious packages discovered by the experts:

  • typesutil
  • typestring
  • sutiltype
  • duonet
  • fatnoob
  • strinfer
  • pydprotect
  • incrivelsim
  • twyne
  • pyptext
  • installpy
  • faq
  • colorwin
  • requests-httpx
  • colorsama
  • shaasigma
  • stringe
  • felpesviadinho
  • cypress
  • pystyte
  • pyslyte
  • pystyle
  • pyurllib
  • algorithmic
  • oiu
  • iao
  • curlapi
  • type-color
  • pyhints

Collectively, the above packages have totaled more than 5,700 downloads.

“As this is an ongoing attack with constantly changing tactics from a determined attacker, we suspect to see more malware like this popping up in the near future” Phylum concludes.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Log4Shell)

[adrotate banner=”5″]

[adrotate banner=”13″]