Security researchers are warning about an ongoing supply chain attack that distributes an information stealer through malicious Python packages. The campaign, which had been running since the beginning of October, was discovered by Phylum on November 1.
The attackers copied existing, well-known libraries and added a malicious "import" statement to them. The injected code is meant to plant a background-running script on the victim's machine; that script in turn contains a modified version of the information stealer known as Wasp, which collects data including the victim's geolocation. Because the rest of the package is a faithful copy of the legitimate library, the only visible difference from upstream is the injected line itself.
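The technique above, a verbatim copy of a trusted library with one dynamic-import line slipped in, is detectable by diffing the suspect package against the upstream release and inspecting only the added lines. The following scanner is an added example written for this page, not code from Phylum, Checkmarx or any package involved in the campaign. It assumes the injected payload takes the general shape of an `__import__`/`exec`-style call carrying an encoded string literal, possibly padded with whitespace to sit off-screen in an editor; those shapes, the 200-character line threshold and the sample module contents are assumptions, not details reported for this attack.

```python
"""Heuristic scan for injected dynamic-import lines in a copied Python package."""
import ast
import base64
import difflib
import re
from pathlib import Path

# Calls that library code rarely needs at module level but that loaders use
# to bootstrap a hidden second stage (assumed shape of an injected line).
SUSPICIOUS_CALLS = {"__import__", "exec", "eval", "compile"}
# A long run of base64-alphabet characters inside a string literal.
ENCODED_LITERAL = re.compile(r"^[A-Za-z0-9+/=]{40,}$")
# Assumed threshold for lines padded to push the payload off-screen.
LONG_LINE = 200


def _call_name(node):
    """Return the callee name for Name or Attribute callees, else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None


def _has_encoded_literal(call):
    """True if any string literal inside the call looks base64-encoded."""
    for child in ast.walk(call):
        if isinstance(child, ast.Constant) and isinstance(child.value, str):
            if ENCODED_LITERAL.match(child.value):
                return True
    return False


def scan_source(source, filename="<module>"):
    """Return one finding per source line containing a suspicious dynamic call.

    Each finding records the line number, the suspicious call names on that
    line, whether an encoded-looking literal is passed, and whether the line
    is unusually long.
    """
    tree = ast.parse(source, filename)
    lines = source.splitlines()
    by_line = {}
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name not in SUSPICIOUS_CALLS:
            continue
        entry = by_line.setdefault(node.lineno, {
            "file": filename,
            "line": node.lineno,
            "calls": set(),
            "encoded_literal": False,
            "long_line": len(lines[node.lineno - 1]) > LONG_LINE,
        })
        entry["calls"].add(name)
        entry["encoded_literal"] |= _has_encoded_literal(node)
    return [by_line[k] for k in sorted(by_line)]


def added_suspicious_lines(upstream_source, copy_source, filename="<copy>"):
    """Diff a copied module against the legitimate upstream one and keep only
    findings on lines the copy added, so upstream code is never re-flagged."""
    findings = scan_source(copy_source, filename)
    matcher = difflib.SequenceMatcher(
        None, upstream_source.splitlines(), copy_source.splitlines())
    added = set()
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            added.update(range(j1 + 1, j2 + 1))  # ast line numbers are 1-based
    return [f for f in findings if f["line"] in added]


def scan_package_dir(root):
    """Scan every .py file under an unpacked sdist or wheel directory."""
    results = []
    for path in sorted(Path(root).rglob("*.py")):
        source = path.read_text(encoding="utf-8", errors="replace")
        try:
            results.extend(scan_source(source, str(path)))
        except SyntaxError:
            results.append({"file": str(path), "line": 0, "calls": {"<unparseable>"},
                            "encoded_literal": False, "long_line": False})
    return results


# Constructed sample input: a tiny "upstream" module and a copy of it with one
# injected line. The encoded string is a harmless print, not a real payload.
UPSTREAM = 'import os\n\ndef hello():\n    return "hi"\n'
STAGE2 = base64.b64encode(b"print('second stage would run here')").decode()
COPY = UPSTREAM + (
    "__all__ = ['hello']" + " " * 250
    + f"; __import__('builtins').exec(__import__('base64').b64decode('{STAGE2}'))\n"
)

if __name__ == "__main__":
    for f in added_suspicious_lines(UPSTREAM, COPY, "copied_pkg/__init__.py"):
        print(f["file"], f["line"], sorted(f["calls"]),
              "encoded" if f["encoded_literal"] else "", "long" if f["long_line"] else "")
```

The scanner only parses, never executes, the suspect module, so it is safe to run against an untrusted download. In practice the upstream source comes from the legitimate project's release archive and the copy from the package under review; `scan_package_dir` covers the case where no upstream is at hand and every suspicious call in the tree should be listed.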
According to Checkmarx, the attackers have so far succeeded in infecting hundreds of victims and are still publishing new packages to keep the campaign going.