Python Packages on PyPI Infected with BlazeStealer Malware: Developers Beware!
Originally published 2 years ago — by The Hacker News

Malicious Python packages containing the BlazeStealer malware have been discovered on the Python Package Index (PyPI) repository. Disguised as obfuscation tools, these packages install a Discord bot that gives attackers complete control over compromised developer systems. The malware can steal sensitive information, execute commands, encrypt files, and even render the computer unusable. The rogue packages were downloaded over 2,400 times before being taken down, with the majority of downloads originating from the U.S. Developers are advised to remain vigilant and thoroughly vet packages before use.