It has been a while since malware was last reported hiding in PyPI packages, but researchers now report finding a fresh batch of malicious packages in the open source Python Package Index (PyPI) repository.
Cybersecurity researchers at Fortinet's FortiGuard Labs discovered nine packages delivering WhiteSnake Stealer: nigpal, figflix, teleerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. The researchers describe WhiteSnake as a Windows infostealer that evades antivirus detection and communicates with its command-and-control (C2) servers over the Tor network.
Its main function is to steal information from compromised endpoints and execute commands sent by its operators. The data it targets is primarily web browser data, cryptocurrency wallets, browser add-ons, and popular apps such as Discord, Signal, and Telegram.
Focus on cryptocurrencies
The researchers also observed that some of the packages carried a more advanced variant of the malware that adds a clipboard monitor with overwrite capability, a feature built specifically for cryptocurrency theft. Someone sending tokens from one address to another will almost always copy and paste the destination address rather than type it, so the malware watches the clipboard for wallet addresses and silently replaces them with an attacker-controlled address, causing the victim to send funds to the attacker instead of the intended recipient.
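The clipper behaviour described above can be caught from the defender's side by watching for the tell-tale pattern: a wallet address on the clipboard being replaced by a different address of the same family within a fraction of a second, with no user action in between. The following is an added example written for this article, not code from Fortinet or from the malware; it runs the detection logic over a constructed clipboard timeline (the timestamps, the ETH strings and the choice of a 2-second window are assumptions for illustration, and the BTC strings are documentation example addresses, not attacker addresses). The address patterns are syntax heuristics only, not checksum validation.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Heuristic address formats for the two most commonly targeted chains.
# These are syntax checks for illustration, not full checksum validation.
ADDRESS_PATTERNS = {
    "btc": re.compile(r"(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify(text: str) -> Optional[str]:
    """Return the address family a clipboard string looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text):
            return kind
    return None


@dataclass
class Swap:
    kind: str          # address family that was swapped
    original: str      # what the user copied
    replacement: str   # what the clipboard held shortly afterwards
    at: float          # timestamp of the replacement snapshot


def detect_swaps(snapshots: List[Tuple[float, str]], max_gap: float = 2.0) -> List[Swap]:
    """Flag a clipper-style swap: one wallet address replaced by a *different*
    address of the same family within max_gap seconds. A user who copies a
    second address later than max_gap is not flagged (assumed window)."""
    swaps = []
    prev_t, prev_text = None, None
    for t, text in snapshots:
        kind = classify(text)
        if prev_text is not None and kind is not None:
            if (classify(prev_text) == kind and text != prev_text
                    and t - prev_t <= max_gap):
                swaps.append(Swap(kind, prev_text, text, t))
        prev_t, prev_text = t, text
    return swaps


# Constructed clipboard timeline, as a polling clipboard monitor would record it.
# The BTC strings are documentation example addresses, not attacker addresses.
SNAPSHOTS = [
    (0.0, "pip install requests"),                   # unrelated text
    (10.0, "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"),     # user copies a BTC address
    (10.3, "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy"),     # 300 ms later a different BTC address: clipper
    (20.0, "0x" + "ab" * 20),                        # user copies an ETH address
    (25.0, "0x" + "cd" * 20),                        # 5 s later copies another one: legitimate
]

if __name__ == "__main__":
    for s in detect_swaps(SNAPSHOTS):
        print(f"[{s.at:.1f}s] {s.kind} address swapped: {s.original} -> {s.replacement}")
```

On a real host the snapshot list would come from a clipboard poller (for example a short-interval loop around a platform clipboard API); the detector deliberately keys on same-family replacement within a short window, because a legitimate user copying two different addresses does so seconds apart, whereas a clipper rewrites the clipboard almost instantly.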
PyPI is one of the world's largest and most popular Python package repositories, which makes it a frequent target of threat actors, who typically abuse it in one of two ways. They either publish an entirely new malicious package, or they engage in typosquatting: publishing a package that mimics a legitimate one under a nearly identical name, so that a developer who mistypes the name installs the malicious package instead.
Developers are urged to exercise caution when using PyPI and similar services and to verify that they are installing the genuine package. Warning signs include slight misspellings of a well-known name, download counts that do not match the package's apparent popularity, and a lack of the maintainer history and user feedback a legitimate project accumulates.
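The "strange typos" check above can be automated before a dependency is installed. The following is an added example, not code from the article, Fortinet or PyPI: it normalizes a requested package name the way PyPI does (PEP 503), then compares it against an allowlist of known-good names by edit distance and by common affix tricks (a popular name with a prefix, suffix or trailing digit). The allowlist here is a constructed stand-in for a project's pinned dependencies or the top-N PyPI packages, and the distance threshold of 2 is an assumption.

```python
import re
from typing import Iterable, List, Tuple


def normalize(name: str) -> str:
    """PEP 503 normalization, the form in which PyPI itself compares names."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), standard two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


# Constructed allowlist standing in for pinned dependencies or a top-N list;
# a real check would load the real list.
POPULAR = {"requests", "numpy", "pandas", "urllib3", "colorama",
           "pyyaml", "cryptography", "setuptools", "python-dateutil"}


def typosquat_candidates(name: str, known: Iterable[str] = POPULAR,
                         max_distance: int = 2) -> List[Tuple[str, str]]:
    """Return (popular_name, reason) pairs that `name` may be squatting.
    An exact match against the normalized allowlist is never flagged."""
    n = normalize(name)
    known_norm = {normalize(k) for k in known}
    if n in known_norm:
        return []
    hits = []
    for k in known_norm:
        if levenshtein(n, k) <= max_distance:
            hits.append((k, "edit-distance"))
        elif n.startswith(k + "-") or n.endswith("-" + k) or n.rstrip("0123456789") == k:
            hits.append((k, "affix"))
    return sorted(hits)


if __name__ == "__main__":
    for candidate in ["requests", "reqeusts", "colourama", "python-numpy", "requests3"]:
        print(candidate, "->", typosquat_candidates(candidate) or "ok")
```

Hits are review prompts, not a verdict: legitimate packages sometimes sit within one edit of a popular name, so the useful deployment is a pre-install hook or CI step that stops on a hit and asks a human to confirm the package page, maintainer history and download counts before proceeding.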
From Hacker News