BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
BTC $66157.0605
ETH $3160.9620
BNB $600.0523
SOL $153.7382
XRP $0.5487
stETH $3158.2980
DOGE $0.1576
TON $5.5645
ADA $0.5086
AVAX $38.3049
wstETH $3680.0518
WBTC $66253.4640
DOT $7.3621
WETH $3160.3315
TRX $0.1121
BCH $509.2779
LINK $15.3526
MATIC $0.7263
UNI $8.0690
ICP $14.6066
LTC $84.3899
DAI $0.9987
CAKE $2.9756
RNDR $9.0447
IMX $2.3823
STX $3.0517
NEAR $6.8843
ETC $27.8833
FDUSD $1.0002
MNT $1.1936
FIL $6.4625
TAO $503.6116
OKB $54.7164
HBAR $0.0881
VET $0.0418
KAS $0.1270
ATOM $8.7670
PEPE $0.0000
GRT $0.2943
WIF $2.7575
FET $2.4107
MKR $2818.4937
INJ $27.8130
USDE $0.9992
THETA $2.3518
XLM $0.1162
CORE $2.5749
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • How to hack hundreds of IT companies in the world for $20


    The experts revealed the details of the attack on the supply chain using PyPI packages.

    Researchers at security firm Checkmarx have uncovered the details of an ongoing attack on a supply chain that uses malicious PyPI packages to distribute W4SP Stealer malware, and more than 100 victims have been targeted by the attackers to date. According to Checkmarx expert Yossef Harush, the cybercriminal is still active and is releasing new malicious packages. Harush named the attacker "WASP".

    This campaign is notable because it uses steganography to extract the W4SP Stealer payload hidden in the image file. Installing a PyPI package will eventually infect W4SP Stealer (also known as WASP Stealer). Infostealer is designed to exfiltrate Discord accounts, passwords, crypto wallets and other files into Discord Webhook.

    On Nov. 15, the WASP operator uploaded new PyPI libraries that use StarJacking, a method in which a package is published with a URL that points to a popular repository.

    Checkmarx's analysis also revealed the attacker's Discord server, run by a user named "Alpha.#0001", as well as various fake GitHub profiles designed to lure developers into downloading malware.

    In addition, Alpha.#0001 advertises a "completely undetectable" $20 package on his Discord channel, and regularly releases new packages under different names as soon as they are removed from PyPI.


    Author DeepWeb
    Russian hackers will answer for cyberattacks - USA
    Hashish Addiction

    Comments 0

    Add comment