Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency.
Researchers from Phylum and Check Point earlier this month reported seeing new malicious packages on PyPI, a package index for Python developers. Analysts at Checkmarx this week connected the same attacker to both reports and said the operator is still releasing malicious packages.
A Checkmarx report detailed hundreds of successful infections by the WASP info-stealer malware and described a number of interesting features designed to ensure persistence on a compromised PC and to evade cybersecurity tools.
Source: The Register