Recently released research reveals an increase in malicious code disguised as Python obfuscation packages.

In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. However, as the community grows, so does the number of bad actors looking to exploit it. Among their targets are developers, who are being lured by seemingly legitimate Python obfuscation packages that harbor malicious code.

New research released by Checkmarx says the malicious payload — called “BlazeStealer” — activates upon installation, receives an additional malicious script from an external source and enables a Discord bot that gives attackers complete control over the victim’s computer.

Percentage distribution of total downloads of the malicious package by country:

  • United States — 69.2%
  • China — 12.4%
  • Russia — 5.5%
  • Other — 3.8%
  • Ireland — 3%
  • Hong Kong — 1.6%
  • Croatia — 1.6%
  • France — 1.4%
  • Spain — 1.4%