Threat Actors Continue to Flood the PyPI Platform with Information Stealers

Category: Malware Campaigns | Industry: Technology | Level: Strategic | Source: Phylum

The Phylum Research Team has observed a series of malicious uploads to PyPI since December 6th, 2022, with threat actors targeting software developers in a supply-chain attack to distribute the new information-stealing malware. In November 2022, Phylum was involved in the shutdown of a PyPI campaign distributing the W4SP information stealer. The current campaign uses a copy of the W4SP stealer, identifying itself as ANGEL stealer, Celestial Stealer, Leaf $tealer, Satan Stealer, and Stealer. However, as observed by Phylum, "each deployment appears to have simply tried to do a find/replace of the W4SP references in exchange for some other seemingly arbitrary name. Unlike in the November campaign with W4SP deployments using complex obfuscation tactics, all but one package directly drop the stealer's code into the "main.py" or the "_init_.py" files without any obfuscation or encoding. In some cases, not all references were removed and trace strings of “W4SP” remain."