Hundreds of victims have already been compromised with a modified version of the Wasp information stealer in an ongoing supply chain attack that has leveraged malicious Python packages since last month, according to SecurityWeek.
The attacks, first reported by Phylum, involved injecting malicious import statements into existing, widely used libraries. The injected code infects the machine with a script that retrieves the victim's geolocation and then deploys the updated Wasp stealer, which can exfiltrate passwords, credit card data, local files, cryptocurrency wallets, and Discord account details, a report from Checkmarx revealed.
The attackers have released new Python packages and fake user accounts as part of the campaign, the report noted. It also linked the info-stealer's author to a YouTube channel hosting videos on building Discord hacking tools and to a Steam account.
"The level of manipulation used by software supply chain attackers is increasing as attackers get increasingly more clever. It seems this attack is ongoing, and whenever the security team of Python deletes his packages, he quickly maneuvers and creates a new identity or simply uses a different name," Checkmarx said.
Separately, the data of 4,961 current and former Okta employees, including names, health insurance plan numbers, and Social Security numbers, was compromised following a breach at its third-party vendor Rightway Healthcare, The Register reports.