BlazeStealer Malware Uncovered in Python Packages on PyPI
BlazeStealer Malware Uncovered in Python Packages on PyPI
Threat Level
Attack Report
For a detailed threat advisory, download the pdf file here
Summary
Python Package Index (PyPI) repository is infiltrated with number of malicious python packages. These packages masquerade as obfuscation tools, however they harbor BlazeStealer malware, which initiates a Discord bot that grants cybercriminals complete access to the victim’s computer. The attack is aimed at the developer community, with the intention of stealing sensitive information and compromising the development ecosystem.
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.