CyberSecurity updates
2024-12-26 16:40:32 Pacific

Malicious PyPI Packages Stealing Keystrokes
Read more: ciso2ciso.com

Security researchers have uncovered two malicious Python packages, "zebo" and "cometlogger," on the Python Package Index (PyPI) that are designed to steal keystrokes and hijack social media accounts. The packages, which were downloaded over 280 times before being taken down, use advanced malware techniques such as obfuscation to hide their malicious code. Zebo employs keylogging, screenshots, and persistence mechanisms to exfiltrate sensitive data, while cometlogger is designed to siphon a wide range of information, including passwords, tokens, and account data, from various applications. These findings highlight the continued risk posed by malicious actors exploiting open-source platforms.

The packages, revealed by Fortinet's FortiGuard Labs, use anti-virtual machine checks and dynamic file manipulation to avoid detection while exfiltrating user information to remote servers. Zebo uses the pynput library for keylogging and ImageGrab for screenshots, exfiltrating them via HTTP requests. Cometlogger is capable of targeting data from popular services such as Discord, X, and Steam, demonstrating its broad ability to hijack accounts. Experts warn developers to remain vigilant when using third-party packages to avoid falling victim to these attacks.
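The combination described above (pynput for key capture, ImageGrab for screenshots, HTTP for exfiltration) can be turned into a pre-install triage check. The following is an added example, not code from FortiGuard Labs or the original article: it parses a package's source with `ast` and flags files that import an input- or screen-capture module together with an HTTP client. The list of HTTP libraries, the function names, and the sample sources are assumptions constructed for this example.

```python
import ast

# pynput and ImageGrab are named in the article; the HTTP client list
# is an assumption chosen for this example.
CAPABILITIES = {
    "keylogging": {"pynput"},
    "screenshot": {"PIL.ImageGrab", "ImageGrab"},
    "http": {"requests", "urllib", "urllib3", "http.client", "httpx"},
}

def imported_modules(source):
    """Collect dotted names from import, from-import and literal __import__() calls."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            names.add(node.module)
            names.update(f"{node.module}.{a.name}" for a in node.names)
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "__import__" and node.args
              and isinstance(node.args[0], ast.Constant)
              and isinstance(node.args[0].value, str)):
            names.add(node.args[0].value)
    return names

def capabilities(source):
    """Map imported modules onto the capability buckets above."""
    mods = imported_modules(source)
    return {
        cap for cap, prefixes in CAPABILITIES.items()
        if any(m == p or m.startswith(p + ".") for m in mods for p in prefixes)
    }

def triage(source):
    """Return 'review' when capture and network egress appear in the same file."""
    caps = capabilities(source)
    capture = caps & {"keylogging", "screenshot"}
    return "review" if capture and "http" in caps else "ok"

# Constructed sample sources (imports only, no behaviour).
SAMPLE_SUSPECT = "from pynput import keyboard\nfrom PIL import ImageGrab\nimport requests\n"
SAMPLE_BENIGN = "import requests\nimport json\n"

if __name__ == "__main__":
    print(triage(SAMPLE_SUSPECT), triage(SAMPLE_BENIGN))
```

Because the article notes that these packages obfuscate their code, an import check like this only catches imports that are visible in the source; a file that hides its imports behind encoded strings or `exec` needs the unpacked code or a sandboxed install to be assessed.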