Researchers have discovered a new clipper malware named KEKW that impersonates PyPI packages in order to infect users. The malware can also steal information and alter cryptocurrency transactions. In this campaign, threat actors were found spreading KEKW by circulating malicious Python .whl files.
These files resemble ZIP archives in that they contain all of the components needed to install a Python package, such as the metadata, data files, and code. A Bitcoin address connected to the threat actors' clipper activity was found in more than 20 of these compromised packages. Because these apps are likely to attract users who have the means to pay, the attackers use them to entice users into downloading their malicious software.
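Because a .whl file can be opened like a ZIP archive, it can be triaged without installing or importing anything. The following is an added example, not code from the researchers or from the campaign: it reads a wheel's metadata and flags files that contain Bitcoin-address-shaped strings or clipboard module references. The regexes, the clipboard module names, the size limit and the sample wheel are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumption: skip very large members
# Legacy (Base58) and Bech32 Bitcoin address shapes; a match is a lead, not proof.
BTC_RE = re.compile(
    rb"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)
# A clipper needs clipboard access; these names are heuristics, not KEKW indicators.
CLIPBOARD_RE = re.compile(rb"\b(?:pyperclip|win32clipboard|clipboard_get)\b")

def triage_wheel(data: bytes) -> dict:
    """Inspect a wheel's bytes as a ZIP archive without installing or importing it."""
    report = {"name": None, "version": None, "btc_addresses": {}, "clipboard_refs": []}
    with zipfile.ZipFile(io.BytesIO(data)) as whl:
        for info in whl.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            body = whl.read(info)
            if info.filename.endswith(".dist-info/METADATA"):
                for line in body.decode("utf-8", "replace").splitlines():
                    if not line:  # headers end at the first blank line
                        break
                    key, _, value = line.partition(": ")
                    if key in ("Name", "Version"):
                        report[key.lower()] = value
            hits = sorted({m.decode() for m in BTC_RE.findall(body)})
            if hits:
                report["btc_addresses"][info.filename] = hits
            if CLIPBOARD_RE.search(body):
                report["clipboard_refs"].append(info.filename)
    return report

def build_sample_wheel() -> bytes:
    """Constructed sample: a tiny wheel-shaped ZIP with a fake address embedded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("demo_pkg-0.1.dist-info/METADATA",
                   "Metadata-Version: 2.1\nName: demo-pkg\nVersion: 0.1\n")
        z.writestr("demo_pkg/__init__.py",
                   'import pyperclip\nWALLET = "1' + "A" * 33 + '"\n')
        z.writestr("demo_pkg/util.py", "def add(a, b):\n    return a + b\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_wheel(build_sample_wheel()))
```

A hit on either pattern only marks a file for manual review; legitimate wallet or clipboard utilities will match as well.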