Two more malicious Python packages in the PyPI

Two newly discovered malicious PyPI packages masquerade as a popular library to steal data and credentials. They deliver a multi-stage payload that culminates in the W4SP Stealer, which exfiltrates browser data and Discord tokens via a Discord webhook. The campaign chains a Hyperion-obfuscated downloader, a registry-based persistence attempt, and remote payloads hosted on a suspect domain, ending in data theft and live exfiltration.
#pyquest #ultrarequests #W4SPStealer #DiscordWebhook #Hyperion #zerotwo-best-waifu

Keypoints

  • The attackers released two malicious PyPI packages, pyquest and ultrarequests, masquerading as the legitimate “requests” package to trick developers.
  • The malicious packages imitate the legitimate project description and stats to appear popular (e.g., fake install counts, stars, and references to legitimate pages).
  • After installation, the malicious code hides a Base64-encoded payload inside exception.py and then decodes/executes a one-liner that downloads the next-stage payload from remote URLs.
  • The downloader is obfuscated with Hyperion, using techniques like renaming, junk code, and zlib compression, and it only runs on Windows (NT) systems.
  • The final payload, “W4SP Stealer,” collects IP info, browser credentials, Discord tokens, cookies, and passwords, and exfiltrates data via a Discord webhook; it also injects a JS payload into Discord to monitor changes.
  • Persistence attempts include creating a Run registry value (Realtek HD Audio Universal Service), but the described method does not reliably achieve persistence.
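As an added example (not code from the Securelist article or from the packages themselves), a small static check a defender could run over a package's source files to spot the pattern described above: long Base64 literals and exec()/eval() calls fed by a decoder such as b64decode or zlib.decompress. The HTTPError sample, its payload and the length threshold are constructed for illustration.

```python
import ast
import base64
import binascii

# Constructed sample (not from the real package) mimicking the described
# pattern: a Base64 blob hidden in an HTTPError class and passed to exec().
# The blob encodes the harmless statement print("hello").
SAMPLE_SOURCE = '''
import base64

class HTTPError(Exception):
    payload = "cHJpbnQoImhlbGxvIik="

    def __init__(self, *args, **kwargs):
        exec(base64.b64decode(self.payload).decode())
'''

DECODERS = {"b64decode", "decodebytes", "a85decode", "decompress"}
EXECUTORS = {"exec", "eval", "system", "Popen", "run"}

def callee_name(call: ast.Call) -> str:
    # Works for plain names (exec) and attribute calls (base64.b64decode).
    func = call.func
    return getattr(func, "id", None) or getattr(func, "attr", "")

def looks_like_base64(text: str, min_len: int = 16) -> bool:
    """True for a long, correctly padded Base64 string that decodes cleanly."""
    if len(text) < min_len or len(text) % 4:
        return False
    try:
        base64.b64decode(text, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def scan_source(source: str, filename: str = "<string>") -> list:
    """Report long Base64 literals and exec/eval calls fed by a decoder."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str) \
                and looks_like_base64(node.value):
            findings.append(f"{filename}:{node.lineno}: long Base64 literal")
        elif isinstance(node, ast.Call) and callee_name(node) in EXECUTORS:
            # Any decoder call nested in the arguments is the tell-tale sign.
            decoders = [callee_name(c) for c in ast.walk(node)
                        if isinstance(c, ast.Call) and callee_name(c) in DECODERS]
            if decoders:
                findings.append(f"{filename}:{node.lineno}: "
                                f"{callee_name(node)}() fed by {decoders[0]}()")
    return findings
```

Running `scan_source` over every `.py` file in a freshly installed package (and diffing the result against the legitimate release) surfaces the modified exception.py described above without executing any of its code.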

MITRE Techniques

  • [T1036] Masquerading – The attacker used a description of the legitimate “requests” package to trick victims into installing a malicious one. “The attacker used a description of the legitimate “requests” package in order to trick victims into installing a malicious one.”
  • [T1105] Ingress Tool Transfer – The malware downloads the final stage payload from remote URLs and executes it. “downloads the next-stage script from https://zerotwo-best-waifu[.]online/…/injector and executes it.”
  • [T1027] Obfuscated/Compressed Files and Information – The downloader is obfuscated with Hyperion and uses various obfuscation techniques. “The downloader is obfuscated with a publicly available tool named Hyperion.”
  • [T1132.001] Data Encoding – The malicious payload is a Base64-encoded Python script hidden in the “HTTPError” class, then written and executed. “Base64-encoded Python script hidden in the “HTTPError” class.”
  • [T1598.001] Acquire Infrastructure – The malware uses remote URLs (zerotwo-best-waifu[.]online) to fetch payloads and updates. “downloads the final stage payload from https://zerotwo-best-waifu[.]online/…”
  • [T1059.006] Command and Scripting Interpreter: Python – The final payload is executed via a Python interpreter path and a generated script. “…generated path for dropped final payload” and “system.start()” to run it.
  • [T1547.001] Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder – The malware creates a Run registry value for persistence. “the malware creates a registry value with name “Realtek HD Audio Universal Service” in the HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
  • [T1555.003] Credentials from Web Browsers – The stealer collects Discord tokens, cookies, and passwords from browsers. “starts collecting Discord tokens, saved cookies and passwords from browsers in separate threads.”
  • [T1567.002] Exfiltration to Web Services – All collected data is sent to a Discord webhook. “All collected data is sent to the operator via a Discord webhook.”
  • [T1059.001] Command and Scripting Interpreter: Windows Command Shell – The final payload uses command-line string concatenation to chain executables for persistence (illustrative example of command execution flow). “C:\Windows\System32 & ”

Indicators of Compromise

  • [URL] zerotwo-best-waifu[.]online/778112985743251/wap/enner/injector – downloader URL used to fetch the injector
  • [URL] zerotwo-best-waifu[.]online/778112985743251/wap/shatlegay/stealer123365 – final payload download URL
  • [URL] zerotwo-best-waifu[.]online/778112985743251/wap/dsc_injection – Discord/injection payload URL
  • [URL] https://api.ipify.org – used by the stealer to determine external IP
  • [URL] https://discord[.]com/api/webhooks/1001296979948740648/4wqCErLU3BVeKWnxDA70Gns5vcfxh5OCb3YDIFZaFujqfSRIwHH4YIu3aLOVWjCDeO1H – Discord webhook used for exfiltration
  • [File] exception.py – a modified file in the malicious package differing from legitimate requests
  • [File] SecurityHealthSystray.exe – one of the executables referenced in the Run key sequence
  • [File] SystemSettingsAdminFlows.exe – another executable referenced in the Run key sequence
  • [File] wppassw.txt – temporary file storing extracted usernames/passwords
  • [File] wpcook.txt – temporary file storing extracted cookies/passwords
  • [Registry] HKCU\Software\Microsoft\Windows\CurrentVersion\Run – Run key used for persistence (Realtek HD Audio Universal Service)

Read more: https://securelist.com/two-more-malicious-python-packages-in-the-pypi/107218/