New PWOBot Python Malware Can Log Keystrokes, Mine for Bitcoin
Security experts from Palo Alto Networks have discovered PWOBot, a new malware family coded in Python that can execute a broad range of attacks via its modular architecture.
PWOBot infections started cropping up at multiple European organizations during mid-to-late 2015. The subsequent investigation carried out by Palo Alto researchers also brought to light attacks dating back as far as late 2013.
Until now, only the following organizations have faced a PWOBot infection: a Polish national research institution, a Polish shipping company, a large Polish retailer, a Polish information technology organization, a Danish building company, and a French optical equipment provider.
PWOBot distributed via a Polish file sharing service
All infections happened after employees of these companies downloaded files off a Polish file hosting service (chomikuj.pl).
The malicious files were generic executables compiled via the PyInstaller package that takes basic Python code and packages it as a binary.
Until now, Palo Alto says it has only seen PWOBot packed as Windows executables, but Python is a platform-agnostic language, and PyInstaller can also generate binaries for Linux, Mac OS X, FreeBSD, Solaris, and AIX.
PWOBot is modular, can carry out a broad range of attacks
Not all PWOBot infections were of the same kind, and researchers observed twelve different versions. PWOBot's modular architecture is the reason for this large number of different versions.
Researchers say they discovered PWOBot modules that can download and execute other binaries, launch an HTTP server, log keystrokes, execute custom Python code, query remote URLs and return results, and also mine for Bitcoin using the victim's CPU or GPU.
All outgoing traffic is tunneled via Tor and uses encryption to avoid detection by security products.
"While it has historically been seen affecting Microsoft Windows platforms, since the underlying code is cross-platform, it can easily be ported over to the Linux and OSX operating systems," Palo Alto's Josh Grunzweig explains. "That fact, coupled with a modular design, makes PWOBot a potentially significant threat."


source
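
The post says the samples were ordinary executables built with PyInstaller. As an added triage example (not code from the post or from Palo Alto's report), the script below checks a file for the archive cookie PyInstaller appends and reports the bundled Python version. It assumes the 88-byte cookie layout of PyInstaller 2.1 and later; `inspect_bundle`, `file_kind` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"    # marks the PyInstaller archive cookie
# Assumed layout (PyInstaller 2.1+): magic, package length, TOC offset,
# TOC length, Python version, Python library name
COOKIE = struct.Struct("!8sIIii64s")

def file_kind(data):
    if data[:2] == b"MZ":
        return "PE"
    if data[:4] == b"\x7fELF":
        return "ELF"
    return "other"

def inspect_bundle(data):
    """Return details of an appended PyInstaller archive, or None if absent."""
    pos = data.rfind(MAGIC)
    if pos < 0:
        return None
    info = {"kind": file_kind(data), "cookie_offset": pos, "parsed": False}
    if pos + COOKIE.size > len(data):
        return info  # magic only: shorter (older) cookie or truncated file
    _, pkg_len, toc_off, toc_len, pyver, lib = COOKIE.unpack_from(data, pos)
    start = pos + COOKIE.size - pkg_len  # archive sits just before the cookie
    if start < 0 or toc_off + toc_len > pkg_len:
        return info  # inconsistent fields: report the hit, trust nothing else
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    info.update(parsed=True, archive_start=start, toc_offset=start + toc_off,
                python=f"{major}.{minor}",
                pylib=lib.rstrip(b"\0").decode("ascii", "replace"))
    return info

def build_sample():
    """Constructed input: fake PE stub + dummy archive body/TOC + valid cookie."""
    stub = b"MZ" + b"\x90" * 62
    body, toc = b"A" * 40, b"T" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 27, b"python27.dll")
    return stub + body + toc + cookie

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, inspect_bundle(fh.read()))
```

A hit only shows that the file is a PyInstaller bundle, which many legitimate tools are; use it to decide which downloaded executables deserve unpacking and closer review.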