
Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Category / Details

Threat Actors
• Unknown; no direct attribution to a specific threat group.

Campaign Overview
• Malicious Python packages (Zebo and Cometlogger) were uploaded to the PyPI repository.
• These packages exfiltrate sensitive information from compromised systems.

Target Regions (Victims)
• United States, China, Russia, India.

Methodology
• The packages use obfuscation techniques, data exfiltration, and persistence mechanisms.
• Zebo: keystroke logging, screenshot capture, and command-and-control (C2) communication.
• Cometlogger: steals account data, cookies, system metadata, and more.

Product Targeted
• The Python Package Index (PyPI) repository, and the systems that download the malicious packages.

Malware Reference
• Zebo, Cometlogger.

Tools Used
• pynput (keylogging), ImageGrab (screenshot capture), the free image hosting service ImgBB, dynamic file manipulation, webhook injection.

Vulnerabilities Exploited
• No direct vulnerability exploitation is mentioned; the campaign relies on users installing unverified Python packages from PyPI.

TTPs (MITRE ATT&CK tactics, techniques, and procedures)
• Initial Access: malicious PyPI packages.
• Execution: command-and-control, data exfiltration.
• Persistence: batch script creation, auto-start execution.

Attribution
• No attribution to a specific threat actor, but the use of obfuscation and data exfiltration suggests malicious intent.

Recommendations
• Avoid interacting with unverified Python packages.
• Scrutinize code before execution, especially code from untrusted sources.
• Implement security measures to monitor package integrity.

Source
• The Hacker News

Read full article: https://thehackernews.com/2024/12/researchers-uncover-pypi-packages.html

The above summary has been generated by an AI language model


Source: The Hacker News

Published on: December 25, 2024
