New PWOBot Python Malware Can Log Keystrokes, Mine for Bitcoin

Security experts from Palo Alto Networks have discovered PWOBot, a new malware family coded in Python that can execute a broad range of attacks via its modular architecture.

PWOBot infections started cropping up at multiple European organizations during mid-to-late 2015. The subsequent investigation carried out by Palo Alto researchers also brought to light attacks dating back as far as late 2013.

So far, Palo Alto has confirmed PWOBot infections at only six organizations: a Polish national research institution, a Polish shipping company, a large Polish retailer, a Polish information technology organization, a Danish building company, and a French optical equipment provider.

PWOBot distributed via a Polish file sharing service
All known infections began with employees of these companies downloading files from a Polish file hosting service (chomikuj.pl).
The malicious files were executables produced with PyInstaller, a packaging tool that bundles a Python script together with a Python interpreter and the libraries it imports into a single stand-alone binary, so the victim does not need Python installed.

So far Palo Alto has only seen PWOBot packaged as Windows executables, but the underlying Python code is platform-agnostic, and PyInstaller can also produce binaries for Linux, Mac OS X, FreeBSD, Solaris, and AIX. One practical caveat: PyInstaller does not cross-compile, so each of those builds has to be produced on the target platform itself.
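Because the samples were PyInstaller bundles, the first triage question for a suspect executable is whether it carries a PyInstaller overlay and, if so, which embedded script the bootloader will run. The script below is an added example written for this page; it is not Palo Alto's tooling and not PWOBot code. It parses the PyInstaller CArchive trailer ("cookie") and table of contents using the 2.x-era layout that was current when these samples circulated (the magic `MEI\x0c\x0b\x0a\x0b\x0e`, a 24- or 88-byte cookie, and 18-byte TOC entry headers); newer bundles keep the same cookie size but are not guaranteed to parse identically. Run against a real file, the script entries hold compiled code objects rather than source text, so a decompiler would be the following step. The `build_sample_bundle` helper fabricates a tiny bundle in the same layout so the example runs offline; its file names and contents are constructed, not taken from any real sample.

```python
import struct
import sys
import zlib

# Trailing "cookie" of a PyInstaller CArchive. The bundle is an overlay appended
# to a bootloader executable, and this struct is the last thing in the file.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# PyInstaller 2.0 cookie: magic, package length, TOC offset, TOC length, Python version.
COOKIE_V20 = struct.Struct("!8siiii")
# PyInstaller 2.1+ appends a 64-byte, NUL-padded Python library name.
COOKIE_V21 = struct.Struct("!8siiii64s")
# TOC entry header: entry length, data offset (relative to overlay start),
# compressed size, uncompressed size, compression flag, type code; name follows.
TOC_ENTRY_HDR = struct.Struct("!iiiiBc")

TYPE_CODES = {b"s": "script (entry point)", b"m": "module", b"M": "package",
              b"z": "PYZ archive", b"b": "binary", b"x": "data",
              b"o": "runtime option", b"d": "dependency"}


def find_cookie(data):
    """Return (cookie_offset, cookie_layout), or None if no PyInstaller cookie is present."""
    for layout in (COOKIE_V21, COOKIE_V20):  # try the longer layout first
        off = len(data) - layout.size
        if off >= 0 and data[off:off + 8] == PYINSTALLER_MAGIC:
            return off, layout
    return None


def parse_toc(data):
    """List the files embedded in a PyInstaller bundle; [] if the input is not one."""
    found = find_cookie(data)
    if found is None:
        return []
    cookie_off, layout = found
    _magic, pkg_len, toc_off, toc_len, _pyver = layout.unpack_from(data, cookie_off)[:5]
    # The package ends with the cookie and is pkg_len bytes long, so it starts here:
    overlay_start = cookie_off + layout.size - pkg_len
    toc_start = overlay_start + toc_off
    entries, pos = [], toc_start
    while pos < toc_start + toc_len:
        entry_len, data_off, csize, usize, cflag, typ = TOC_ENTRY_HDR.unpack_from(data, pos)
        name = data[pos + TOC_ENTRY_HDR.size:pos + entry_len].rstrip(b"\x00")
        entries.append({"name": name.decode("utf-8", "replace"),
                        "type": TYPE_CODES.get(typ, "unknown " + repr(typ)),
                        "abs_off": overlay_start + data_off, "csize": csize,
                        "usize": usize, "compressed": bool(cflag)})
        pos += entry_len
    return entries


def extract_entry(data, entry):
    """Return the (decompressed) bytes of one TOC entry."""
    blob = data[entry["abs_off"]:entry["abs_off"] + entry["csize"]]
    return zlib.decompress(blob) if entry["compressed"] else blob


def entry_scripts(entries):
    """Names of the scripts the bootloader executes: where the bundle's own logic lives."""
    return [e["name"] for e in entries if e["type"].startswith("script")]


def build_sample_bundle(script_src):
    """Constructed test input: a fake stub followed by a minimal overlay holding one
    zlib-compressed entry script and one raw data file. Not a real bootloader."""
    stub = b"MZ" + b"\x00" * 62
    payloads, toc = [], b""
    for name, typ, raw, compress in ((b"main", b"s", script_src, True),
                                     (b"config.dat", b"x", b"constructed config", False)):
        blob = zlib.compress(raw) if compress else raw
        data_off = sum(len(p) for p in payloads)
        payloads.append(blob)
        name_field = name + b"\x00"
        toc += TOC_ENTRY_HDR.pack(TOC_ENTRY_HDR.size + len(name_field), data_off,
                                  len(blob), len(raw), int(compress), typ) + name_field
    body = b"".join(payloads)
    pkg_len = len(body) + len(toc) + COOKIE_V21.size
    cookie = COOKIE_V21.pack(PYINSTALLER_MAGIC, pkg_len, len(body), len(toc), 27,
                             b"python27.dll".ljust(64, b"\x00"))
    return stub + body + toc + cookie


if __name__ == "__main__":
    # Pass a suspect executable as argv[1]; with no argument, triage the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_bundle(b"print('hi')\n")
    toc = parse_toc(data)
    for e in toc:
        print(f"{e['type']:<22} {e['name']} ({e['usize']} bytes)")
    print("entry scripts:", entry_scripts(toc))
```

The cookie check is cheap enough to run across a whole fileshare download directory, and the type-`s` entries tell you which embedded scripts to hand to a decompiler; a bundle whose entry script or PYZ archive contains a `socks`/Tor client and a miner is a far stronger signal than the PyInstaller wrapper itself, which plenty of legitimate software uses.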

PWOBot is modular, can carry out a broad range of attacks
The infections were not all alike: researchers catalogued twelve distinct PWOBot versions, a variety that its modular architecture makes easy to produce by swapping modules in and out.

Researchers say they discovered PWOBot modules that can download and execute other binaries, launch an HTTP server, log keystrokes, execute custom Python code, query remote URLs and return results, and also mine for Bitcoin using the victim's CPU or GPU.

All outgoing traffic is tunneled through Tor and encrypted, which hides both the command-and-control endpoint and the content of the exchange from network security products.

"While it has historically been seen affecting Microsoft Windows platforms, since the underlying code is cross-platform, it can easily be ported over to the Linux and OSX operating systems," Palo Alto's Josh Grunzweig explains. "That fact, coupled with a modular design, makes PWOBot a potentially significant threat."