Infostealers spread via malicious PyPI packages

More than 2,000 Windows and Linux systems were estimated to have been targeted by information-stealing malware deployed via nine malicious Python Package Index (PyPI) packages, according to Hackread. The packages, all of which were uploaded by malware author WS and featured base64-encoded Python scripts, facilitated Whitesnake PE malware infections on Windows systems and compromise by an info-stealing Python script on those running Linux, a report from Fortinet's FortiGuard Labs revealed. Further examination of the Whitesnake PE malware showed that the encrypted .NET executable payload not only adds itself to the Windows Defender exclusion list but also establishes a connection with a malicious IP to exfiltrate sensitive user data, including browser and cryptocurrency wallet information, which could be used for crypto wallet compromise. Such findings should prompt increased vigilance in open-source package utilization, researchers noted. "Information-stealing malware is an increasingly pertinent and pressing subject. Safeguarding against such persistent adversaries demands a strategic and forward-thinking approach to fortify your defenses," said researchers.
