Discock and W4SP Stealer: Malicious PyPI packages and horizontally-scrolled masspace imports

This page summarizes the projects mentioned and recommended in the original post on /r/ethicalhacking

  • sampleproject

    A sample project that exists for PyPUG's "Tutorial on Packaging and Distributing Projects"

  • We first observed a package performing “starjacking” in the project https://github.com/pypa/sampleproject. We flagged the package for further investigation.

  • Hyperion

    The most powerful 100% Python obfuscator. (by billythegoat356)

  • During our further analysis, it was noted that the package was obfuscated using “Hyperion” and specially crafted to target hosts running Windows operating systems. Once the package is installed and executed on the victim’s host, it fetches a malicious piece of Python code and saves it on the victim machine. Later, the package tries to collect sensitive information such as cookies, saved passwords in a browser, and saved cookies of gaming applications, and steals financial information from crypto wallets. All the discovered data is saved inside 2 files named wppassw.txt and wpcook.txt. The saved data is later exfiltrated through a Discord webhook API. Additionally, it also collected the victim’s geolocation based on the public IP address.
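A triage scan for the indicators described above, as an added example that is not part of the original post or of any project listed here. It checks unpacked package source for the two staging file names, a Discord webhook URL, and statements pushed far to the right by whitespace. Assumptions: the 80-character padding threshold, the reading of "horizontally-scrolled" imports as code hidden behind a long whitespace run, and the constructed sample input with its hypothetical module name.

```python
import re
import sys
from pathlib import Path

# Indicators taken from the write-up above: the two staging files and
# exfiltration through a Discord webhook.
STAGING_FILES = ("wppassw.txt", "wpcook.txt")
WEBHOOK_RE = re.compile(r"discord(?:app)?\.com/api/webhooks/", re.IGNORECASE)
# Assumption: a statement pushed off-screen = text after 80+ spaces/tabs.
PADDED_RE = re.compile(r"[ \t]{80,}(\S.*)$")

# Constructed sample input (harmless; the module name is hypothetical).
SAMPLE_SETUP = (
    "from setuptools import setup\n"
    "import os" + " " * 200 + ";import hypothetical_loader\n"
    "setup(name='example-pkg', version='0.0.1')\n"
)
SAMPLE_PAYLOAD = (
    "OUT = ['wppassw.txt', 'wpcook.txt']\n"
    "HOOK = 'https://discord.com/api/webhooks/0/PLACEHOLDER'\n"
)


def scan_source(text, filename="<memory>"):
    """Return (filename, line_no, rule, excerpt) for each indicator hit."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()  # trailing whitespace hides nothing
        padded = PADDED_RE.search(line)
        if padded:
            findings.append((filename, no, "padded-code", padded.group(1)[:60]))
        if WEBHOOK_RE.search(line):
            findings.append((filename, no, "discord-webhook", line.strip()[:60]))
        for name in STAGING_FILES:
            if name in line.lower():
                findings.append((filename, no, "staging-file", name))
    return findings


def scan_tree(root):
    """Scan every .py file under an unpacked sdist or wheel directory."""
    findings = []
    for path in sorted(Path(root).rglob("*.py")):
        findings += scan_source(path.read_text(errors="replace"), str(path))
    return findings


if __name__ == "__main__":
    dirs = sys.argv[1:]
    hits = ([f for d in dirs for f in scan_tree(d)] if dirs
            else scan_source(SAMPLE_SETUP + SAMPLE_PAYLOAD, "constructed-sample"))
    for hit in hits:
        print(*hit, sep=":")
```

Because the post says the package was obfuscated with Hyperion, the string indicators may not appear in plain text in the package itself and are more likely to match the fetched second-stage code or files left on disk. The padded-line rule applies to the package source as shipped.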
