Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware.
Most of these contain obfuscated code that drops “W4SP” info-stealer on infected machines, while others make use of malware purportedly created for “educational purposes” only.
31 typosquats drop ‘W4SP’ info-stealer
Researchers have identified over two dozen Python packages on the PyPI registry that imitate popular libraries but instead drop info-stealers after infecting machines.
The packages, listed below, are typosquats: the threat actors publishing them deliberately chose names that closely resemble known Python libraries, hoping that developers who mistype the name of the real library inadvertently install one of the malicious packages instead.
Software supply chain security firm Phylum revealed 29 packages in its report published on Tuesday:
- algorithmic
- colorsama
- colorwin
- curlapi
- cypress
- duonet
- faq
- fatnoob
- felpesviadinho
- iao
- incrivelsim
- installpy
- oiu
- pydprotect
- pyhints
- pyptext
- pyslyte
- pystyle
- pystyte
- pyurllib
- requests-httpx
- shaasigma
- strinfer
- stringe
- sutiltype
- twyne
- type-color
- typestring
- typesutil
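The names above illustrate the two typosquatting patterns the article describes: a near-miss spelling of a real library (colorsama for colorama) and a real name embedded in a longer one (requests-httpx, pyurllib). The following script is an added example, not code from the article or from Phylum, showing how a defender might screen dependency names before installation. The allowlist of legitimate names is an assumption constructed for the example; the sample input is the list of reported packages from the article.

```python
"""Screen requested package names for likely typosquats (added example)."""
from __future__ import annotations

import re

# Constructed allowlist of legitimate names that the reported packages
# resemble. This is an assumption for the example, not a list from the report.
KNOWN_GOOD = ["colorama", "requests", "httpx", "urllib", "typing", "algorithms"]

# Sample input: the package names the article reports as malicious.
REPORTED = [
    "algorithmic", "colorsama", "colorwin", "curlapi", "cypress", "duonet",
    "faq", "fatnoob", "felpesviadinho", "iao", "incrivelsim", "installpy",
    "oiu", "pydprotect", "pyhints", "pyptext", "pyslyte", "pystyle", "pystyte",
    "pyurllib", "requests-httpx", "shaasigma", "strinfer", "stringe",
    "sutiltype", "twyne", "type-color", "typestring", "typesutil",
]


def normalize(name: str) -> str:
    """PEP 503 style normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def typosquat_matches(requested: str, known_good: list[str] = KNOWN_GOOD,
                      max_distance: int = 2) -> list[tuple[str, str]]:
    """Return (known_name, reason) pairs explaining why `requested` looks suspicious.

    An exact match with a known-good name is legitimate and yields an empty list.
    Two heuristics are applied: a small edit distance to a known name, or a known
    name embedded inside a longer requested name.
    """
    req = normalize(requested)
    hits: list[tuple[str, str]] = []
    for good in known_good:
        g = normalize(good)
        if req == g:
            return []
        distance = edit_distance(req, g)
        if distance <= max_distance:
            hits.append((good, f"edit distance {distance}"))
        elif g in req:
            hits.append((good, "embeds known name"))
    return hits


def screen_names(names: list[str]) -> dict[str, list[tuple[str, str]]]:
    """Map each flagged name to the reasons it was flagged; clean names are omitted."""
    return {n: hits for n in names if (hits := typosquat_matches(n))}


if __name__ == "__main__":
    for name, reasons in screen_names(REPORTED).items():
        print(f"{name}: {reasons}")
```

A check like this belongs in a pre-install hook or a CI step that reviews new entries in a requirements file; it catches the spelling-error cases the article describes but not every package in the list, since names such as faq or duonet do not resemble any legitimate library and need other signals (publisher history, install-time code, download counts) to judge.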