Hackers infect dozens of packages with W4SP-based infostealers


    Two weeks ago, the Phylum research team reported a set of 47 packages in the PyPI repository that infect their victims with the W4SP infostealer. Fortunately, this malicious campaign was quickly stopped after GitHub took down the repository used by the hackers to obtain the payload.

    However, more recently Phylum has discovered 16 new PyPI packages distributing ten different infostealers (e.g., Celestial Stealer, ANGEL stealer, Satan Stealer, @skid Stealer and Leaf $tealer) based on W4SP.

    List of malicious packages found by researchers:

    • modulesecurity - 114 downloads;
    • informmodule - 110 downloads;
    • chazz - 118 downloads;
    • randomtime - 118 downloads;
    • proxygeneratorbil - 91 downloads;
    • easycordey - 122 downloads;
    • easycordeyy - 103 downloads;
    • tomproxies - 150 downloads;
    • sys-ej - 186 downloads;
    • py4sync - 453 downloads;
    • infosys - 191 downloads;
    • sysuptoer - 186 downloads;
    • nowsys - 202 downloads;
    • upamonkws - 205 downloads;
    • captchaboy - 123 downloads;
    • proxybooster - 69 downloads.

    Of all the above packages, only chazz follows the complex chain of W4SP attacks, including multiple steps and code obfuscation. The other packages instead put the infostealer code directly in "main.py" or "__init__.py".

    Chazz, in turn, drops a copy of the Leaf $tealer infostealer and obfuscates the code with the BlankOBF tool.

    All new malware follows the W4SP tactic by downloading payloads from GitHub repositories. It is not yet clear who is behind the distribution of malicious packages, but Phylum suggests that this is the work of various hacker groups.

    Author DeepWeb