1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This new Python malware is going after Windows machines

    From TechnologyDaily@1337:1/100 to All on Thu Jan 26 11:00:03 2023
    This new Python malware is going after Windows machines

    Date:
    Thu, 26 Jan 2023 10:49:08 +0000

    Description:
    Dangerous malware is stealing data and logging keystrokes, and researchers still don't know who is behind it.

    FULL STORY ======================================================================

    Cybersecurity researchers from Securonix have recently discovered a new
    Python -based malware thats capable of stealing files and logging keystrokes from affected endpoints.

    Dubbed PY#RATION, the malware is apparently being actively developed, with
    the researchers spotting multiple versions since August 2022. The malware
    uses the WebSocket protocol to reach out to the command & control (C2)
    server, get instructions, and potentially extract sensitive data.

    Securonix say the malware "leverages Python's built-in Socket.IO framework, which provides features to both client and server WebSocket communication." The malware uses this channel to pull data and receive commands. The
    advantage of WebSocket, the publication claims, is that it allows the malware to receive and send data over a single TCP connection, via commonly open ports, at the same time. Multiple features

    The researchers also said that the attackers used the same C2 address all
    this time. Given that the address is yet to be blocked on the IPVoid checking system, the researchers assumed that PY#RATION was flying under the radar for months.

    PY#RATIONs features include, among others, network enumeration, file transfer to and from the C2, keylogging, shell commands execution, host enumeration, cookies exfiltration, the exfiltration of passwords stored in the browser,
    and clipboard data theft. Read more

    Python malware is using a devious new technique


    Some official Python repos were infected with malware


    Check out the best firewalls right now

    To distribute the malware, the attackers are using the good old phishing email. The email comes with a password-protected .ZIP archive which, when unpacked, delivers two shortcut files, designed to look like image files - front.jpg.lkn, and back.jpg.lnk.

    The front and back file names refer to the front and the back of a non-existent drivers license. If the victims click the files, theyll get two more files downloaded from the internet - front.txt and back.txt. These are later renamed to .bat files and executed. The malware itself tries to
    disguise itself as Cortana, Microsofts virtual assistant, to discourage its removal from the system.

    The group behind the malware, the distribution volume, and the goal of the campaign, are all unknown at this time. Here's our list of the best endpoint protection software

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-new-python-malware-is-going-after-windows- machines


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)