
New KEKW Clipper Malware Infects Users by Pretending to be PyPI Packages

By Esme Greene

Jul 6, 2023
KEKW, a sophisticated new clipper malware, disguises itself as PyPI packages and manipulates bitcoin transactions

In this campaign, hackers were discovered distributing the KEKW virus through malicious Python .whl files. These files resemble ZIP archives in that they include all the items required to install a Python package, such as the metadata, data files, and source code.

A Bitcoin address linked to the threat actors' clipper activity was found in over 20 of these malicious packages. Most of the packages contained the domain name kekwltd[.]ru, and a small number contained blackcap[.]ru.
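Because a wheel opens as a ZIP archive, a downloaded .whl can be checked for the two domains named above without installing or importing it. The following is an added example, not code from the original report; `scan_wheel`, `build_sample_wheel` and the size cap are hypothetical names and assumptions, and the sample wheel is constructed in memory.

```python
import io
import zipfile

# Domains reported on this page, stored defanged and refanged only for matching.
IOC_DOMAINS = [d.replace("[.]", ".") for d in ("kekwltd[.]ru", "blackcap[.]ru")]
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumption: do not decompress huge members


def scan_wheel(wheel, iocs=IOC_DOMAINS):
    """Return {member_name: [matched domains]} for a .whl path or file object.

    The wheel is only read as a ZIP archive; nothing in it is imported or run.
    """
    findings = {}
    try:
        archive = zipfile.ZipFile(wheel)
    except zipfile.BadZipFile:
        return {"<archive>": ["not a valid ZIP/wheel"]}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                # Flag rather than silently skip, so a reviewer can look by hand.
                findings[info.filename] = ["skipped: exceeds size cap"]
                continue
            data = archive.read(info).lower()
            hits = [d for d in iocs if d.encode() in data]
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_wheel(source_line):
    """Constructed sample: an in-memory wheel-shaped ZIP, not a real package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("demo_pkg/__init__.py", source_line)
        zf.writestr("demo_pkg-0.0.1.dist-info/METADATA",
                    "Name: demo-pkg\nVersion: 0.0.1\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged = build_sample_wheel(f'URL = "https://{IOC_DOMAINS[0]}/placeholder"\n')
    print(scan_wheel(flagged))
    print(scan_wheel(build_sample_wheel('URL = "https://example.org/"\n')))
```

A plain substring match only catches packages that embed the domain in clear text; an empty result does not show that a wheel is safe.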

Features of the KEKW virus 

The KEKW virus, which is written in Python, employs the system_information() method to gather information about the system, including login credentials, machine names, Windows product key and version, RAM size, HWID, IP address, location, and Google Maps data.

It takes cookies, passwords, history, profiles, credit card information, and tokens from web browsers including Google Chrome, Microsoft Edge, Yandex, Brave, and Amigo.

With the use of the malware’s clipper feature, attackers may steal money from victims by substituting their own bitcoin address for the one that was intended. Once the information has been taken, the virus formats it as JSON, zips it up, and transfers it to the C2 server that the hackers control. 


The organization that created the KEKW stealer virus has started a significant push to disseminate it. For instance, they can expose businesses to supply chain attacks by utilizing malicious Python software.

Security specialists must thus be on guard and act quickly to remove these packages from the repository. This will lessen how damaging the attacks are.
