‘BlazeStealer’ Python Malware Allows Complete Takeover of Developer Machines

“BlazeStealer” malware, hosted on Python packages on the PyPI code repository is targeting developers involved in code obfuscation, according to researchers at Checkmarx. After installation, the malware gives the attackers complete control over the victim’s computer and has capabilities like exfiltrating host data, stealing passwords, launching keyloggers, and encrypting files. It can also control a PC’s webcam, overload the CPU, deactivate Windows Defender and Task Manager. BlazeStealer communicates using a unique identifier via the Discord messaging service.