Cybersecurity researchers from Checkmarx have discovered more than two dozen malicious packages on PyPI, a popular repository for Python developers, and released their findings in a new report.
These malicious packages, designed to look almost identical to legitimate ones, try to trick reckless developers into downloading and installing the wrong one, thus distributing malware.
The practice is known as typosquatting and it’s quite popular among cybercriminals that attack software developers.
To hide the malware, the attackers are using two unique approaches: steganography, and polymorphism.
Steganography is the practice of hiding code inside an image, which allows threat actors to distribute malicious code through seemingly innocent .JPGs and .PNGs.
Polymorphic malware, on the other hand, changes the payload with every install, thus successfully avoiding antivirus programs and other cybersecurity solutions.
Here, the attackers used these techniques to deliver WASP, an infostealer capable of grabbing people’s Discord accounts, passwords, cryptocurrency wallet information, credit card data, as well as any other information on the victim’s endpoint deems interesting.
> Learn coding skills with the best Python online courses
> More malware is being hidden in PNG images, so watch out
> Even the Windows logo isn’t safe from malware
Once identified, the data …read more
NASA Chooses Spacex To Launch A Self Propelled Space Station To The Moon