In order to infect people, researchers have found a new clipper malware called KEKW that poses as PyPI packages. Additionally, this malware is capable of information theft, which enables it to manipulate cryptocurrency transactions. Threat actors were discovered distributing the KEKW malware in this campaign by disseminating malicious Python.whl files.
Since they include all the items required to install a Python package, including the code, data files, and metadata, these files are comparable to ZIP archives. A Bitcoin address linked to the clipper activity of the threat actors was discovered in more than 20 of these infected packages.