All-Python malware nasty bites Windows victims in Poland

Slurps keystrokes, mines Bitcoin, even sets up web servers

Malware authors have put together a strain of malicious code written entirely in Python, in what may turn out to be an experiment in creating a new type of cross-platform nasty.

PWOBot is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable.

The malware has already infected a number of Europe-based organisations, particularly in Poland, according to new research.

Distribution routes include the popular Polish file-sharing web service chomikuj.pl. Victims include a Polish national research institution, a Polish shipping company, a large Polish retailer, a Polish information technology organisation, a Danish building company and a French optical equipment provider.

“The malware itself provides a wealth of functionality, including the ability to download and execute files, execute Python code, log keystrokes, spawn a HTTP server, and mine Bitcoins via the victim’s CPUs and GPUs,” according to security researchers at Palo Alto Networks.

The underlying code is cross-platform, so the nasty might easily be ported over to the Linux and OS X operating systems. That fact, coupled with a modular design, makes PWOBot a potentially significant threat.

More details on the nasty – including code extracts and other insights – can be found in a blog post by Palo Alto.



