Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Windows PCs are now being hit by dangerous malware — here's the steps you need to take to stay safe

The Python banner logo on a computer screen running a code editor.

It’s been a while since we heard about malware hiding in PyPI packages, but researchers have now reported finding almost a dozen lurking on the open source Python Package Index (PyPI) repository.

Cybersecurity researchers from Fortinet’s FortiGuard Labs found nine packages delivering the WhiteSnake Stealer. The packages are called nigpal, figflix, telerer, seGMM, fbdebug, sGMM, myGens, NewGends, and TestLibs111. WhiteSnake is a Windows infostealer, capable of working around antivirus programs, and communicates with the C2 server via the Tor protocol, the researchers explained.

Its main function is to steal information from the compromised endpoints, and execute various commands. The information it’s after is mostly data from web browsers, cryptocurrency wallets and browser add-ons, and important apps such as Discord, Signal, Telegram, and similar. 

Eyes on cryptos

Some of the packages were also observed carrying a more advanced version of the malware that also comes with a clipboard monitor and an overwrite feature. This feature is designed to assist in cryptocurrency theft, as people wanting to send their tokens from one address to another will almost always copy and paste the receiving address, instead of typing it out. With this malware, the attackers can replace the copied wallet address with one belonging to them, having the victim send their funds to the wrong address. 

PyPI is one of the world’s largest and most popular Python package repositories. As such, it’s a frequent target by threat actors who mostly do two things: either create an entirely new malicious package, or engage in typosquatting - creating a package similar to a legitimate one, and naming it almost exactly the same. That way, the developers can mistakenly install the malicious one. 

Developers are urged to be vigilant when using PyPI and similar services and always make sure they’re downloading a legitimate package. They should look out for strange typos, inconsistent download numbers, and user reviews.

Via The Hacker News

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.