Five malicious packages were found on the Python Package Index (PyPI), stealing passwords, Discord authentication cookies, and cryptocurrency wallets from unsuspecting developers.
Having already been acquired by hundreds of software developers, these five packages have been removed from availability. These five packages and their download statistics are:
- 3m-promo-gen-api – 136 downloads
- Ai-Solver-gen – 132 downloads
- hypixel-coins – 116 downloads
- httpxrequesterv2 – 128 downloads
- httpxrequester – 134 downloads
Although Fortinet failed to provide details on the type of malware, BleepingComputer identified it as W4SP Stealer.
The W4SP Stealer malware starts by grabbing data from popular web browsers such as VPN extensions for Google Chrome, The Opera, Brave Browser, Yandex Browser and Microsoft Edge.
It then tries to steal authentication cookies from Discord, the Public Test Build (PTB), the Canary build, and the LightCord client for malicious use.
Following target websites:
- Coinbase.com
- Gmail.com
- YouTube.com
- Instagram.com
- PayPal.com
- telegram.com
- Hotmail.com
- Outlook.com
- Aliexpress.com
- ExpressVPN.com
- eBay.com
- Playstation.com
- xbox.com
- Netflix.com
- uber.com
As package repositories such as PyPi and NPM, are now commonly used for distribution malware, developers must analyze the code in packages before him add in projects their.
Follow Us on: Twitter, Instagram, Facebook to get the latest security news!
Leave A Comment