It is pointed out that Python malware is on the rise



With the spread of the Internet, computers and smartphones have become indispensable in everyday life, but the threat of malware targeting the confidential data stored on such devices has also become significant. 'Python' is emerging as the language used to write that malware, says Austin Jackson, who has worked in the US cyber army.

Python Malware On The Rise | Cyborg Security
https://www.cyborgsecurity.com/python-malware-on-the-rise//



Over the past 30 years, malware has mainly been developed in C, C++, Delphi, and other compiled languages, but in recent years malware written in Python and other interpreted languages has been increasing. Python in particular is easy for beginners to pick up, fast to develop in, and has a rich library ecosystem, which makes it attractive to malware developers, Jackson said.

Unlike malware written in a compiled language, Python code needs an interpreter installed on the OS in order to run. However, Python can be converted into a stand-alone executable with tools such as PyInstaller, py2exe, and Nuitka. Python malware also tends to be larger and to consume more resources than malware written in C, but with faster internet connections and more capable computers, program size seems to have become much less of a barrier in recent years.

It is said that pyminifier and pyarmor are libraries often used in malware development. With these libraries, code can be transformed into obfuscated code that is hard to read.



Jackson also notes that the Python library MSS, which takes screenshots, can be used to capture sensitive data, and that any library capable of making web requests can send that data to a C2 server. The eval function, which executes a string as Python code, is likewise very powerful for the purpose of writing malware, Jackson said.

The most famous malware written in Python is 'SeaDuke,' Jackson said. SeaDuke is Python malware created by the cyber espionage group 'The Dukes', and Palo Alto Networks' threat intelligence team 'Unit 42' analyzed it, including decompiling it. The analysis found that SeaDuke's code had been converted into a Windows executable with PyInstaller and then compressed with UPX. The source code was obfuscated, and the malware was cross-platform, able to run on Linux as well as Windows.



There is also 'ransomware' written in Python, which encrypts the files on a device and demands a ransom. 'PyLocky' has an anti-sandbox function and encrypts files with 3DES, and Trend Micro has published its analysis. Other examples include PWOBot, observed mainly in Europe, and PoetRAT, which targeted companies and public institutions in Azerbaijan. Open-source Python malware whose source code has been published on GitHub, such as Pupy and Stitch, also exists.

There are also tools for analyzing such Python malware. Using tools such as uncompyle6 and python-exe-unpacker, it is possible to decompile a compiled binary back into Python source code.
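Before decompiling, an analyst usually wants to know whether a suspicious binary is a PyInstaller bundle at all, and whether it was UPX-compressed the way the SeaDuke analysis above describes. The following triage script is an added example, not code from the article or from Cyborg Security's post; it checks a byte buffer for the PyInstaller archive magic, UPX markers and an embedded interpreter runtime name, and the sample bytes are constructed, not a real executable.

```python
import re
from pathlib import Path

# PyInstaller writes a "cookie" at the end of its embedded archive that begins
# with this 8-byte magic: "MEI" followed by 0x0c 0x0b 0x0a 0x0b 0x0e.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# UPX normally leaves its identification string and its section names
# ("UPX0", "UPX1") in the packed image.
UPX_MARKERS = (b"UPX!", b"UPX0", b"UPX1")
# Name of a bundled interpreter runtime, e.g. python38.dll or libpython3.9.so.
PYTHON_RUNTIME_RE = re.compile(rb"(?:lib)?python3\.?\d{1,2}(?:\.dll|\.so)")


def triage_python_binary(data: bytes) -> dict:
    """Return static indicators that a file is a PyInstaller bundle and/or UPX-packed.

    These are heuristics for prioritising samples: section names can be renamed
    and markers stripped, so a negative result does not clear a file.
    """
    runtime = PYTHON_RUNTIME_RE.search(data)
    return {
        "pyinstaller": PYINSTALLER_MAGIC in data,
        "upx": any(marker in data for marker in UPX_MARKERS),
        "python_runtime": runtime.group(0).decode() if runtime else None,
    }


def triage_file(path: str) -> dict:
    """Convenience wrapper: triage a file on disk."""
    return triage_python_binary(Path(path).read_bytes())


# Constructed sample (not a real executable): a PE header stub carrying the
# markers a PyInstaller-built, UPX-compressed binary would expose.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"UPX0" + b"\x00" * 12
    + b"python38.dll\x00" + b"\x00" * 16
    + PYINSTALLER_MAGIC + b"\x00" * 8
)

if __name__ == "__main__":
    print(triage_python_binary(SAMPLE))
    # -> {'pyinstaller': True, 'upx': True, 'python_runtime': 'python38.dll'}
```

A file flagged as a PyInstaller bundle is the case where python-exe-unpacker followed by uncompyle6 applies; a UPX hit means the sample needs unpacking first.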



'It's interesting to observe the changing trend of malware as computer systems get faster and easier to operate, and the security industry needs to be on the lookout for Python malware.'

in Software, Security, Posted by darkhorse_log