All-Python malware nasty bites Windows victims in Poland
Slurps keystrokes, mines Bitcoin, even sets up web servers
Malware authors have put together a strain of malicious code written entirely in Python, in what may turn out to be an experiment in creating a new type of cross-platform nasty.
PWOBot is written entirely in Python, and compiled via PyInstaller to generate a Microsoft Windows executable.
The malware has already infected a number of Europe-based organisations, particularly in Poland, according to new research.
Distribution routes include the popular Polish file-sharing web service chomikuj.pl. Victims include a Polish national research institution, a Polish shipping company, a large Polish retailer, a Polish information technology organisation, a Danish building company and a French optical equipment provider.
“The malware itself provides a wealth of functionality, including the ability to download and execute files, execute Python code, log keystrokes, spawn a HTTP server, and mine Bitcoins via the victim’s CPUs and GPUs, according to security researchers at Palo Alto Networks.
The underlying code is cross-platform, so the nasty might easily be ported over to the Linux and OS X operating systems. That fact, coupled with a modular design, makes PWOBot a potentially significant threat.
More details on the nasty – including code extracts and other insights – can be found in a blog post by Palo Alto here. ®