"Fortinet Observed Three Rogue PyPI Packages Spreading the Wacatac Trojan"

Researchers from FortiGuard Labs found three malicious PyPI packages named "colorslib," "httpslib," and "libhttps" uploaded to the PyPI repository by the same malicious actor, Lolip0p. The packages, which were found on January 10, 2023, are designed to drop the Wacatac Trojan on compromised developer systems. The three packages have been downloaded more than 550 times. They use an identical setup.py script that runs a PowerShell script and a malicious Dropbox-hosted executable. The researchers observed that the download URL had not previously been detected as malicious. However, the downloaded executable was identified as malicious by several security companies. The Wacatac Trojan installed on the developer's system is capable of various actions, including the delivery of more malicious payloads. This article continues to discuss the three malicious packages uploaded to the PyPI repository by the Lolip0p group to deliver the Wacatac Trojan to developers' systems.
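The setup.py behavior summarized above can be screened for before a package is installed. The following is an added example, not code from FortiGuard Labs or the original article: a static check that parses a setup.py without running it and flags process-execution calls, PowerShell references, and URLs pointing at an executable. The rule set, the function names, and both sample files are assumptions constructed for illustration.

```python
import ast
import re

# Assumed heuristics, not indicators from the FortiGuard report.
EXEC_CALLS = {"os.system", "os.popen", "subprocess.run", "subprocess.call",
              "subprocess.Popen", "subprocess.check_output"}
STRING_RULES = {
    "powershell": re.compile(r"powershell", re.I),
    "exe-url": re.compile(r"https?://\S+\.exe\b", re.I),
}

def dotted_name(node):
    """Return 'os.system' for an Attribute/Name chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def scan_setup_source(source):
    """Return sorted (line, rule) findings for one setup.py source string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and dotted_name(node.func) in EXEC_CALLS:
            findings.add((node.lineno, "process-exec"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for rule, pattern in STRING_RULES.items():
                if pattern.search(node.value):
                    findings.add((node.lineno, rule))
    return sorted(findings)

# Constructed sample: placeholder command and host, nothing is executed.
SUSPICIOUS = '''\
import os
from setuptools import setup
os.system("powershell <placeholder> https://files.example.invalid/placeholder.exe")
setup(name="demo", version="0.0.1")
'''
BENIGN = '''\
from setuptools import setup
setup(name="demo", version="0.0.1", install_requires=["requests"])
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, scan_setup_source(src))
```

The check does not resolve aliased imports such as `from os import system`, so a clean result means only that none of these patterns appear in the file.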

Security Affairs reports "Fortinet Observed Three Rogue PyPI Packages Spreading the Wacatac Trojan"

Submitted by Anonymous on