Researchers studying cybersecurity have discovered 116 malicious packages on the Python Package Index (PyPI) repository that are intended to use a unique backdoor to infect Linux and Windows computers.
According to a paper released earlier this week by ESET researchers Marc-Etienne M.Léveillé and Rene Holt, “in certain cases, the final payload is a variant of the infamous W4SP Stealer, or a simple clipboard monitor to steal cryptocurrency, or both.”
Since May 2023, the packages are believed to have been downloaded more than 10,000 times.
The threat actors responsible for the activity have been shown to bundle malicious code into Python packages using three different methods: a test.py script, setup.py file integrating PowerShell, and init.py file containing it in obfuscated form.