https://www.theregister.com/2022/11/16/wasp_python_malware_checkmarx/
I chatted about this with my talk’s moderator, Cameron, at last week’s AllDayDevOps’ Keynote. We spoke about how we’re seeing open source software supply chain attacks targeting software developers.
He said that some people don’t realize that when installing python libraries, they’re actually executing scripts downloaded from the internet (sometimes from unverified sources). And these scripts are usually run with admin user privileges, using “sudo”.
There is an active software supply chain attack that is targeting python developers. The python malware is targeted at stealing all the victim’s account credentials, crypto wallets, credit cards, and other interesting files on their computer.
It uses a technique called typo-squatting for distribution, where the malicious packages are given the names that sound similar to real packages. It is also able to evade detection by using polymorphism to change its code after installation, and has the ability to remain persistent even if the system is rebooted.
The malware is currently being sold to other criminals on the dark web for $20.
This segment was created for the It’s 5:05 podcast