Attacker Deployed Hundreds of Rogue Python Packages with 75,000 Downloads to Steal Sensitive Data
Since April 2023, an attacker has been publishing malicious Python packages under a series of usernames, accumulating nearly 75,000 downloads in total. The attacker's techniques have evolved over time, moving from plain-text payloads to encrypted ones and then to multilayered obfuscation. The packages are designed to steal sensitive data from the host system, installed applications, browsers, and users, and they also target cryptocurrency users by redirecting transactions to the attacker's wallet. The attacker has succeeded in bypassing system defenses and has recorded significant financial gains. In one case, the attacker tampered with a cryptocurrency wallet management application. Stolen information is saved locally and then uploaded to file-sharing services. The campaign underscores the ongoing danger of malware distribution through package repositories and the need for constant vigilance and open-source threat intelligence, and the attacker's tactics highlight the importance of caution when installing packages from untrusted sources. The full list of packages and IOCs is provided.