The PyPI (Python Package Index) packages (xhttpsp and httpssp) issued by the malware authors “Portugal” and “Brazil” contain yet another 0-day assault, according to the FortiGuard Labs team. By keeping an eye on an open-source ecosystem, these two packages were found on January 31, 2023.
On January 27, 2023, they were both released. As seen in the example below, each had a single version and no description. In their setup.py installation script, which looks to be Base64-encoded, the two packages both contained the same dangerous code.