Dozens of PyPI packages caught dropping ‘W4SP’ info-stealing malware

Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware.

Most of these contain obfuscated code that drops “W4SP” info-stealer on infected machines, while others make use of malware purportedly created for “educational purposes” only.

31 typosquats drop ‘W4SP’ info-stealer

Researchers have identified over two dozen Python packages on the PyPI registry that imitate popular libraries but instead drop info-stealers after infecting machines.

The packages, listed below, are typosquats—that is, threat actors publishing these have intentionally named them similar to known Python libraries in hopes that developers attempting to fetch the real library make a spelling error and inadvertently retrieve one of the malicious ones.

Software supply chain security firm Phylum revealed 29 packages in its report published on Tuesday:

1. algorithmic
2. colorsama
3. colorwin
4. curlapi
5. cypress
6. duonet
7. faq
8. fatnoob
9. felpesviadinho
10. iao
11. incrivelsim
12. installpy
13. oiu
14. pydprotect
15. pyhints
16. pyptext
17. pyslyte
18. pystyle
19. pystyte
20. pyurllib
21. requests-httpx
22. shaasigma
23. strinfer
24. stringe
25. sutiltype
26. twyne
27. type-color
28. typestring
29. typesutil