• Python malware is using a devious new technique

    From TechnologyDaily@1337:1/100 to All on Mon Dec 19 12:30:03 2022
    Python malware is using a devious new technique

    Date:
    Mon, 19 Dec 2022 12:20:42 +0000

    Description:
    Hackers use new tricks to keep their payloads hidden, including adding anti-debugging code

    FULL STORY ======================================================================

    Threat actors building Python malware are getting better, and their payloads harder to detect, researchers have claimed.

    Analyzing a recently-detected malicious payload, JFrog reported how the attackers used a new technique - anti-debugging code - to make it harder for researchers to analyze the payloads and understand the logic behind the code.

    In addition to regular obfuscation tools and techniques, the hackers behind the cookiezlog package used anti-debugging code as a way to thwart dynamic analysis tools.

    First time

    According to JFrog, this is the first time such a method was spotted in any PyPI malware.

    Most PyPI malware today tries to avoid static detection using various techniques: starting from primitive variable mangling to sophisticated code flattening and steganography techniques, the researchers explain in a blog post.

    Use of these techniques makes the package extremely suspicious, but it does prevent novice researchers from understanding the exact operation of the malware using static analysis tools. However, any dynamic analysis tool, such as a malware sandbox, quickly removes the malware's static protection layers and reveals the underlying logic.

    The hackers' efforts seem futile, as JFrog's researchers managed to work around the workarounds and peek right into the payload. Following an analysis, the researchers described the payload as disappointingly simple compared to the effort made to keep it hidden. It's still harmful though, as cookiezlog is a password grabber capable of stealing autocomplete passwords saved in data caches of popular browsers.

    The intelligence gathered is then sent to the attackers via a Discord hook that acts as a command & control server.

    Unfortunately, JFrog did not reveal the name of the group behind the malware, or the distribution techniques used to land the password grabber onto the victims' endpoints. Regardless, news of PyPI malware is becoming more frequent, suggesting that Python developers have become a major target.



    ======================================================================
    Link to news story: https://www.techradar.com/news/python-malware-is-using-a-devious-new-technique


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)