Cybersecurity researchers have identified a set of 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor.
“In some cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both,” ESET researchers Marc-Etienne M.Léveillé and Rene Holt said in a report published earlier this week.
The packages are estimated to have been downloaded over 10,000 times since May 2023.
The threat actors behind the activity have been observed using three techniques to bundle malicious code into Python packages, namely via a test.py script, by embedding PowerShell in the setup.py file, and by incorporating it in obfuscated form in the __init__.py file.
Irrespective of the method used, the end goal of the campaign is to compromise the targeted host with malware, primarily a backdoor capable of remote command execution, data exfiltration, and taking screenshots. The backdoor module is implemented in Python for Windows and in Go for Linux.
Alternatively, the attack chains culminate in the deployment of W4SP Stealer or a clipper malware designed to keep close tabs on a victim’s clipboard activity and swap the original wallet address, if present, with an attacker-controlled address.
The development is the latest in a wave of compromised Python packages attackers have released to poison the open-source ecosystem and distribute a medley of malware for supply chain attacks.
It’s also the newest addition to a steady stream of bogus PyPI packages that have acted as a stealthy channel for distributing stealer malware. In May 2023, ESET revealed another cluster of libraries that were engineered to propagate Sordeal Stealer, which borrows its features from W4SP Stealer.
Then, last month, malicious packages masquerading as seemingly innocuous obfuscation tools were found to deploy a stealer malware codenamed BlazeStealer.
“Python developers should thoroughly vet the code they download, especially checking for these techniques, before installing it on their systems,” the researchers cautioned.
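One way to act on that advice is a pre-install check that flags the three bundling techniques described above. The following is an added example, not code from ESET or from the report; the regexes are illustrative assumptions, and the package tree it scans is constructed inline for the demonstration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Heuristics for the three bundling techniques the ESET report describes.
# The regexes are illustrative assumptions, not ESET's detection rules;
# a hit is a reason to read the file by hand, not proof of malice.
RULES = {
    "powershell_in_setup": (
        "setup.py",
        re.compile(r"powershell(\.exe)?\b|-EncodedCommand\b|-e(nc)?\s+[A-Za-z0-9+/=]{16,}", re.I),
    ),
    "runtime_exec_in_test": (
        "test.py",
        re.compile(r"\bsubprocess\.|\bos\.system\(|\bexec\s*\("),
    ),
    "obfuscated_init": (
        "__init__.py",
        re.compile(r"\b(exec|eval)\s*\(.*?(b64decode|decompress|fromhex|\\x[0-9a-fA-F]{2})", re.S),
    ),
}

def scan_package(root: Path) -> dict[str, list[str]]:
    """Walk an unpacked sdist/wheel tree and report which rule hit which file."""
    findings: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*.py")):
        text = path.read_text(errors="ignore")
        for rule, (filename, pattern) in RULES.items():
            if path.name == filename and pattern.search(text):
                findings.setdefault(rule, []).append(path.relative_to(root).as_posix())
    return findings

def build_sample() -> Path:
    """Write a constructed package tree (not a real PyPI package) for the demo."""
    root = Path(tempfile.mkdtemp(prefix="pkgscan_"))
    pkg = root / "demo_pkg"
    pkg.mkdir()
    (root / "setup.py").write_text(
        'import subprocess\nsubprocess.run(["powershell", "-EncodedCommand", "PLACEHOLDER"])\n'
    )
    (root / "test.py").write_text("import os\nos.system('PLACEHOLDER')\n")
    blob = base64.b64encode(b"print('PLACEHOLDER')").decode()  # constructed, harmless blob
    (pkg / "__init__.py").write_text(f'import base64\nexec(base64.b64decode("{blob}"))\n')
    (pkg / "core.py").write_text("def add(a, b):\n    return a + b\n")  # benign, must not fire
    return root

if __name__ == "__main__":
    for rule, files in scan_package(build_sample()).items():
        print(f"{rule}: {', '.join(files)}")
```

Run it against the extracted contents of a downloaded sdist (for example after `pip download --no-binary :all: <pkg>` and unpacking) rather than against an already installed package, since setup.py runs at install time.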
The disclosure also follows the discovery of npm packages that were found targeting an unnamed financial institution as part of an “advanced adversary simulation exercise.” The names of the modules, which contained an encrypted blob, have been withheld to protect the identity of the organization.
“This decrypted payload contains an embedded binary that cleverly exfiltrates user credentials to a Microsoft Teams webhook that is internal to the target company in question,” software supply chain security firm Phylum disclosed last week.