
Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Threat Actors:
• Unknown malicious actors targeting PyPI users.

Campaign Overview:
• Malicious Python packages (Zebo-0.1.0 and Cometlogger-0.1) discovered on PyPI.
• The packages steal sensitive data (keystrokes, screenshots) and establish persistence mechanisms.

Target Regions (Victims):
• PyPI users globally, including developers who rely on PyPI packages.

Methodology:
• Keylogging, screenshot capture, data exfiltration, and persistence via startup scripts.
• Obfuscation techniques to evade detection.

Product Targeted:
• The PyPI package management system.
• Developers and the systems on which the malicious packages are installed.

Malware Reference:
• Zebo-0.1.0
• Cometlogger-0.1

Tools Used:
• Python libraries: pynput (keylogging) and ImageGrab (screenshot capture).

Vulnerabilities Exploited:
• Abuse of the PyPI package repository to distribute the malicious packages.

TTPs:
• Data exfiltration to remote servers.
• Obfuscation to avoid detection.
• Creation of persistent scripts in the startup folder.
• Dynamic webhook use and anti-VM detection.

Attribution:
• No specific threat group identified.

Recommendations:
• Disconnect infected systems from the internet and isolate them.
• Use reputable antivirus software.
• Reformat affected systems if necessary.
• Use caution when installing packages from PyPI.

Source: Hackread.com
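As an added illustration (not code from the Hackread article or from the packages themselves), a defender-side static triage of a downloaded package's source files for the indicators listed above: imports of pynput and PIL.ImageGrab, Startup-folder paths, webhook URLs and VM-detection strings. The sample package contents, the indicator names and the regex patterns are constructed for this example.

```python
import ast
import re

# Indicators taken from the summary above (real library names; paths/URLs are patterns).
SUSPICIOUS_IMPORTS = {"pynput": "keylogging capability", "PIL.ImageGrab": "screenshot capture"}
STARTUP_RE = re.compile(r"Start Menu[\\/]+Programs[\\/]+Startup|\.config/autostart", re.I)
WEBHOOK_RE = re.compile(r"https?://\S*(?:webhook|hooks)\S*", re.I)
VM_RE = re.compile(r"\b(vmware|virtualbox|vbox|qemu|sandbox)\b", re.I)

def imported_modules(source):
    """Set of module names a file imports, via the AST (not fooled by comments)."""
    mods = set()
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return mods  # obfuscated or non-Python: send to manual review elsewhere
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods.update(a.name for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            mods.add(node.module)
            mods.update(f"{node.module}.{a.name}" for a in node.names)
    return mods

def triage(files):
    """files: {path: source}. Returns {indicator: [paths]} for an analyst to review."""
    findings = {}
    for path, src in files.items():
        mods = imported_modules(src)
        hits = [why for mod, why in SUSPICIOUS_IMPORTS.items()
                if any(m == mod or m.startswith(mod + ".") for m in mods)]
        hits += [why for rx, why in ((STARTUP_RE, "startup-folder persistence"),
                                     (WEBHOOK_RE, "webhook exfiltration endpoint"),
                                     (VM_RE, "VM/sandbox detection strings")) if rx.search(src)]
        for why in hits:
            findings.setdefault(why, []).append(path)
    return findings

# Constructed sample sdist: one benign module, one carrying the summary's indicators.
SAMPLE = {
    "pkg/__init__.py": "def add(a, b):\n    return a + b\n",
    "pkg/boot.py": (
        "from pynput import keyboard\n"
        "from PIL import ImageGrab\n"
        "import os\n"
        "HOOK = 'https://example.invalid/api/webhooks/PLACEHOLDER'\n"
        "AUTORUN = os.path.expandvars(r'%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup')\n"
        "IS_VM = 'vmware' in os.environ.get('COMPUTERNAME', '').lower()\n"
    ),
}
```

Calling `triage(SAMPLE)` reports all five indicators against pkg/boot.py and nothing against pkg/__init__.py; a real run would feed it the files of an unpacked sdist or wheel before installation.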

Read full article: https://hackread.com/python-malware-zebo-cometlogger-stealing-user-data/

The above summary has been generated by an AI language model


Source: Hackread

Published on: December 25, 2024
