
Threat actors sought to compromise credit card information and other sensitive data through three malicious Python Package Index (PyPI) packages, which were downloaded almost 40,000 times before being removed from the PyPI repository, reports The Hacker News.
Most popular among the newly discovered malicious packages was "disgrasya," which explicitly steals and evaluates credit card information from WooCommerce-using merchants that have assigned CyberSource as the payment gateway, according to an analysis from Socket Security. Socket researchers regarded the package's name, which translates to 'accident' or 'disaster' in Filipino, as an accurate depiction of the modular carding tool's clandestine nature, which could be exploited in larger automation frameworks.
The other two packages, dubbed "bitcoinlibdbfix" and "bitcoinlib-dev," spoof fixes for the bitcoinlib Python module and have also been looking to enable data theft, noted ReversingLabs researchers. "The malicious libraries both attempt a similar attack, overwriting the legitimate 'clw cli' command with malicious code that attempts to exfiltrate sensitive database files," researchers added.