1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Another PyPl package is found to just simply be a load of malware

    From TechnologyDaily@1337:1/100 to All on Mon Mar 6 11:30:04 2023
    Another PyPl package is found to just simply be a load of malware

    Date:
    Mon, 06 Mar 2023 11:05:10 +0000

    Description:
    Dangerous malware has been patched together in what researchers call the "democratization" of cybercrime.

    FULL STORY ======================================================================

    Security researchers discovered yet another malicious PyPI package, whose
    goal is to steal peoples sensitive data and allow unauthenticated users
    access to the compromised endpoint.

    The package, called colorfool, was obviously malicious, they said. It had a suspiciously large Python file whose only task was to download another file from the internet and run it, while making sure it stayed hidden from the devices user.

    "The function, therefore, immediately seemed suspicious and likely
    malicious," the report states. "Borrowing" code

    To make matters worse, that wasnt even the only suspicious thing about this file. The URL from which the package needs to download the payload was hardcoded, which is another red flag.

    The Python script - code.py - carried information-stealing functions, such as keylogging and cookie exfiltration. Besides, it was capable of stealing passwords, killing apps, grabbing screenshots, stealing crypto wallet data, and even use the devices webcam.

    What makes this package different from all the other malicious PyPI packages that security researchers discover on an almost daily basis is its Frankenstein-like nature. The code was patched together from parts of other peoples work, sometimes with no regard to logic, the codes flow, or anything else, the researchers suggest. As if the author simply copied and pasted
    parts of the code, often leaving excess code to simply sit there. Read more

    Hundreds of malicious PyPI packages are spreading havoc online


    More PyPI packages stealing data have been discovered


    Check out the best endpoint protection tools right now

    "The combination of obfuscation alongside blatant malicious code indicates that it is unlikely that all the code was developed by a single entity," the researchers said. "It is possible that the final developer mostly utilized other people's code, adding it via copy and paste."

    In fact, the code even carries the Snake game which doesnt seem to be serving any particular purpose.

    For the researchers, this is a perfect example of the democratization of cybercrime, where threat actors can simply take code from other threat actors and embed it into their work. Here are the best firewalls today

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/another-pypl-package-is-found-to-just-simply-be -a-load-of-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)