More than 10,000 Windows and Linux systems have been impacted by 116 malicious Python Package Index repository packages with custom malware since May, reports The Hacker News.
Malicious code has been injected into the Python packages in three ways: through a test.py script, through PowerShell inserted into the setup.py file, and through integration into the __init__.py file. The packages distribute malware with data exfiltration, remote command execution, and screenshot capturing capabilities, a report from ESET showed.
"In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both," said researchers, who urged Python developers to be vigilant about the code they are about to download onto their systems.
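A static pre-install check over the three locations named above (setup.py, __init__.py and test.py), as an added example that is not code from ESET or The Hacker News. The call names and the PowerShell string match are heuristic assumptions chosen here, and the sample package is constructed with inert placeholders.

```python
import ast

# Heuristic markers chosen for this example (assumptions, not ESET indicators).
SPAWN_CALLS = {"system", "popen", "Popen", "run", "check_output", "exec", "eval"}
WATCHED = {"setup.py", "__init__.py", "test.py"}  # locations named in the report

def scan_source(path, source):
    """Return sorted (path, line, reason) findings for one watched file."""
    name = path.rsplit("/", 1)[-1]
    if name not in WATCHED:
        return []
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [(path, err.lineno or 0, "does not parse; review by hand")]
    found = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            callee = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
            if callee in SPAWN_CALLS:
                found.add((path, node.lineno, f"calls {callee}()"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if "powershell" in node.value.lower():
                found.add((path, node.lineno, "PowerShell string"))
        elif name == "__init__.py" and isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] + [getattr(node, "module", None) or ""]
            if any(m.split(".")[-1] == "test" for m in mods):
                found.add((path, node.lineno, "imports a test module on package import"))
    return sorted(found)

def scan_package(files):
    """files maps path -> source text, e.g. read from an unpacked sdist."""
    return [f for path in sorted(files) for f in scan_source(path, files[path])]

# Constructed sample package; the commands are inert placeholders.
SAMPLE = {
    "demo/setup.py": 'import subprocess\nfrom setuptools import setup\n'
                     'subprocess.Popen(["powershell", "-Command", "PLACEHOLDER"])\n'
                     'setup(name="demo")\n',
    "demo/demo/__init__.py": "from . import test\n",
    "demo/demo/test.py": 'import os\nos.system("PLACEHOLDER")\n',
    "demo/demo/util.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    for path, line, reason in scan_package(SAMPLE):
        print(f"{path}:{line}: {reason}")
```

The source is parsed, never imported or executed, so the check is safe to run on an untrusted archive unpacked without installing it; a hit is a prompt for manual review, not a verdict.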
Such findings come after an unspecified financial organization was reported by Phylum to have been targeted in attacks involving malicious NPM packages.
"This decrypted payload contains an embedded binary that cleverly exfiltrates user credentials to a Microsoft Teams webhook that is internal to the target company in question," said Phylum.
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.