"W4SP Stealer Stings Python Developers in Supply Chain Attack"

Attackers are still attempting to infect developers' systems with the W4SP Stealer, a Trojan designed to steal cryptocurrency information, exfiltrate sensitive data, and collect credentials from developers' systems. According to a Phylum advisory, a threat actor has created 29 clones of popular software packages on the Python Package Index (PyPI), giving them benign-sounding names or purposefully giving them names that are similar to legitimate packages, a practice known as typosquatting. When a developer downloads and loads the malicious packages, the setup script also installs the W4SP Stealer Trojan through a series of obfuscated steps. According to the researchers, the packages have received 5,700 downloads. Although W4SP Stealer targets cryptocurrency wallets and financial accounts, the current campaigns appear to be focused on developer secrets, according to Louis Lang, co-founder and CTO at Phylum.

The attacks on PyPI by an unknown actor or group are only the most recent threats to the software supply chain. As the number of dependencies imported into software has grown dramatically, open-source software components distributed through repository services such as PyPI and the Node Package Manager (npm) have become a popular vector of attack. As in a 2020 attack on the Ruby Gems ecosystem and attacks on the Docker Hub image ecosystem, attackers attempt to use ecosystems to distribute malware to unsuspecting developers' systems. In addition, security researchers at Check Point Software Technologies discovered ten PyPI packages that contained information-stealing malware in August.

According to Phylum researchers, this latest campaign's packages are a more sophisticated attempt to deliver the W4SP Stealer onto Python developers' machines. They went on to say that this is an ongoing attack with constantly changing tactics from a determined attacker, and that more malware like this is expected to appear in the near future.
This article continues to discuss attackers creating fake Python packages and using rudimentary obfuscation techniques to infect developers' systems with the W4SP Stealer.

Dark Reading reports "W4SP Stealer Stings Python Developers in Supply Chain Attack"
