



Welcome to a new issue of Malware Monthly, where we collaborate with our team of security researchers to provide an in-depth look at the different types of malware we’ve detected and how they can impact your system.

This month, we'll dive deep into a series of malicious packages uploaded to the PyPI registry identified as information stealers, some of them copies of the popular W4SP stealer we’ve been tracking. We'll also explore a malicious package called reverse-shell that’s part of a global malware-as-a-service (MaaS) initiative, and a data leak incident experienced by OpenAI leading to the first western country ban of ChatGPT.

In terms of volume, in March we caught a total of 6,933 malicious packages.

Some of the node packages we caught on npm, such as segment-js-sdk, product-api-ts-axios-sdk, and account-api-ts-axios-sdk, published under the scope 12build, contain lightly obfuscated code in the file build.js that exfiltrates the environment variables to a “” address. Other packages, including ibd-ui-component-library, fortnox-react, otc-trading-desk, payments-js, f0-content-parser, and typeahead-client-logger followed the very same pattern.

In terms of PyPI, we wanted to dive deeper into the most recent info-stealers we found: microsoft-helper and reverse-shell.

Ain't no rest for the W4SP copycats

After our initial report on a series of malicious packages uploaded to the PyPI registry that we investigated and identified as info-stealer trojans, we observed a continuation of this trend throughout the month of March. We’re talking about these packages being copycats of the popular W4SP stealer, an ongoing risk to the open-source software supply chain. These types of packages are a cause for concern as they pose a serious threat to developers who may inadvertently download and install them.
