"PyPI Malware Threatens Windows and Linux Users with Crypto and Info Theft"

Malicious packages on the PyPI repository have been found to deliver the WhiteSnake Stealer malware on Windows systems, while also targeting Linux hosts with a Python script. The malware, uploaded by a threat actor named "WS," is capable of stealing information, communicating with a C&C server using the Tor protocol, and exfiltrating sensitive data, particularly crypto wallet information. The packages have been observed to overwrite clipboard content with attacker-owned wallet addresses and steal data from browsers, applications, and crypto services. This discovery highlights the ability of a single malware author to publish multiple info-stealing malware packages to the PyPI repository over time.
Read on The Hacker News