"WASP Malware Stings Python Developers"

WASP malware uses steganography and polymorphism to avoid detection and is delivered through malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Earlier this month, researchers from Phylum and Check Point reported finding new malicious packages on the Python Package Index (PyPI). Checkmarx analysts linked the same attacker to both reports and said the operator is still releasing malicious packages. A Checkmarx report detailed hundreds of successful infections of the WASP information-stealer malware and described a number of features that ensure persistence on a compromised PC and evade cybersecurity tools. The operator is selling copies of WASP to other criminals for $20 in cryptocurrency or gift cards.

PyPI is becoming a more popular target for software supply chain attacks in which malicious code is uploaded via fake packages. Typosquatting is a technique in which malicious packages are given names that sound legitimate or are similar to real packages. As a result, developers are duped into installing booby-trapped packages that appear to be useful and legitimate. Check Point noted that such packages typically include malicious code to download and run a virus, carrier code for sneaking the malicious code in, and a lure to get victims to install the malicious package, such as typosquatting. In August, the PyPI community issued a warning about the first-ever phishing attack against its users. If a developer installs the malicious package on their system, it becomes an initial infection point for other malware, in this case the WASP information-stealing Trojan. This article continues to discuss the WASP information-stealing malware impacting the software supply chain.

The Register reports "WASP Malware Stings Python Developers"
