IT security researchers have discovered an unusual family of malicious code written entirely in the Python programming language, making it easy to port to different operating systems.
The malware uses a modular design that allows it to carry out a selection of different attacks, including executing files, logging keystrokes, mining bitcoins using the affected system’s CPU resources, executing arbitrary Python code and communicating with a remote server, according to Palo Alto Networks.
At least 12 variants of the “PWOBot” malware are known to exist, with six having been spotted on the open Internet, Palo Alto said.
It found the malware has been involved in attacks dating back at least to the end of 2013 and has targeted a number of European organisations, particularly in Poland. During the latter half of 2015 targets in the country included a national research institution, a shipping company, a large retailer and an IT organisation, as well as a construction company in Denmark and an optical equipment provider in France, Palo Alto said.
“While it has historically been seen affecting Microsoft Windows platforms, since the underlying code is cross-platform, it can easily be ported over to the Linux and OSX operating systems,” the firm said in an advisory. “That fact, coupled with a modular design, makes PWOBot a potentially significant threat.”
The malware family hasn’t previously been disclosed to the public, Palo Alto said.
It isn’t clear how the malware initially made its way onto affected systems, the firm said – it could have been via an email-borne phishing attack or via a user download. The malware disguises itself as various Windows utility programs and has been spotted on popular Polish file-sharing site chomikuj.pl, Palo Alto said.
The company noted that PWOBot uses the Tor network to communicate with remote servers, which could help organisations spot it on their systems.
“While (Tor) provides both encryption and anonymity, it also should raise alerts to an organisation’s network administrators if viewed, as such traffic likely violates said organisation’s policies,” Palo Alto said.
Are you a security pro? Try our quiz!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…