"Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI"

A new set of malicious Python packages has infiltrated the Python Package Index (PyPI) repository, aiming to steal sensitive information from compromised developer systems. According to Checkmarx, the packages appear harmless obfuscation tools, but they contain malware called BlazeStealer. The malware retrieves an additional malicious script from an external source, enabling a Discord bot that gives attackers control over the victim's computer. The campaign, which began in January 2023, includes eight packages named Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and Pyobfgood. This article continues to discuss the BlazeStealer malware campaign.

THN reports "Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI"

Submitted by grigby1

Submitted by Gregory Rigby on