Home Ā» Python malware is using a devious new technique
Malware

Python malware is using a devious new technique

by Techradar - All the latest technology news
written by Techradar - All the latest technology news 0 comment

Threat actors building Python malware are getting better, and their payloads harder to detect, researchers have claimed.

Analyzing a recently-detected malicious payload, JFrog reported how the attackers used a new technique – anti-debugging code – to make it harder for researchers to analyze the payloads and understand the logic behind the code.Ā 

In addition to ā€œregularā€ obfuscation tools and techniques, the hackers behind the ā€œcookiezlogā€ package used anti-debugging code as a way to thwart dynamic analysis tools.
First time

According to JFrog, this is the first time such a method was spotted in any PyPI malware.

ā€œMost PyPI malware today tries to avoid static detection using various techniques: starting from primitive variable mangling to sophisticated code flattening and steganography techniques,ā€ the researchers explain in a blog post.

ā€œUse of these techniques makes the package extremely suspicious, but it does prevent novice researchers from understanding the exact operation of the malware using static analysis tools. However ā€“ any dynamic analysis tool, such as a malware sandbox, quickly removes the malwareā€™s static protection layers and reveals the underlying logic.ā€

Read more

> Malicious PyPi packages turn Discord into password-stealing malware> This random image is spreading a malicious PyPl package using GitHub> These are the best Python online courses

The hackersā€™ efforts seem futile, as JFrogā€™s researchers managed to work around the workarounds and peek right into the payload. Following an analysis, the researchers described the payload as ā€œdisappointingly simpleā€ compared to the effort made to keep it hidden. Itā€™s still harmful though, as cookiezlog is a password grabber capable of stealing ā€œautocompleteā€ passwords saved in data caches of popular browsers.

The intelligence gathered is then sent to the attackers via a Discord hook that acts as a command & control server.

Unfortunately, JFrog did not reveal the name of the group behind the malware, or the distribution techniques used to land the password grabber onto the victimsā€™ endpoints. Regardless, news of PyPI malware is more frequent, suggesting that Python developers have become a major target.Ā 

Check out the best endpoint protection right now

Source: Read More

You may also like

3 ways Malwarebytes helps you browse securely and privately online

Simplistic Malware Concept in Python

How To Find Malware On Android?

Malware Comes Standard With This Android TV Box on Amazon

RAT malware campaign tries to evade detection using polyglot files

Suspicious Malware under PDF – Not detected by ANY Engine!

Leave a Comment

CyberNonStop

Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

  • 3033 Ogden Ave. Suite 113, Lisle IL USA
  • Email: nonstop@cybernonstop.com

About Links

Useful Links

Laest News

‘It just hit civilians’: Deaths from strike on Ukraine apartment building rise to 29
FCC Proposes To Strengthen Data Breach Notification Rules for Telecom Operators
CircleCI says hackers stole encryption keys and customers’ secrets
How to demonstrate the business value of data

@2021 – All Right Reserved. Designed and Developed by PenciDesign

Facebook Twitter Instagram Linkedin Youtube Email
Close