Over 451 packages on the Python Package Index (PyPI) have been found to be infected with the “clipper” malware, according to Phylum security researchers. The contents of a victim’s clipboard are replaced by clippers with items that are advantageous to the attacker. Nowadays, the most common clippers search for cryptocurrency addresses and alter them to steal money.
Phylum’s automated risk detection platform began notifying the company about a string of dubious PyPI publications on February 9th. It resembled an earlier campaign discovered in November 2022, but the researchers noted that it used an updated obfuscation technique and had a “radically increased” volume.
The attackers published a little over twenty packages during the previous campaign. There are more than 451 different packages this time.