Beware Of Malicious Python Packages That Steal Users' Sensitive Data

Malicious Python packages uploaded to PyPI by “dsfsdfds” infiltrated user systems and exfiltrated sensitive data to a Telegram bot likely linked to Iraqi cybercriminals. Active since 2022 and containing more than 90,000 Arabic messages, the bot has functioned as both a command-and-control center and an underground marketplace for social media manipulation tools. The case highlights a broader cybercriminal network and emphasizes the need for in-depth investigation and collaboration within cybersecurity communities.

A malicious script scans the victim’s file system, particularly the root directory and the DCIM folder, targeting files with extensions such as .py, .php, .zip, .png, .jpg, and .jpeg. Once matching files are found, the script transmits both the file paths and the actual data (files and photos) to the attacker’s Telegram bot without the user’s awareness.
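A static triage check for the behaviour described above, added here as an example and not taken from the original article or from the malicious packages: it flags a Python file in an unpacked package only when a Telegram Bot API endpoint, file-system enumeration, and the targeted extensions or DCIM folder appear together. The indicator patterns, function names and sample fragments are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Indicator groups derived from the behaviour described above. Requiring all
# three in one file is an assumption of this example, chosen to cut noise.
INDICATORS = {
    "telegram_bot_api": re.compile(r"api\.telegram\.org/bot", re.I),
    "filesystem_walk": re.compile(r"\bos\.(walk|listdir|scandir)\b|\bglob\.glob\b|\.rglob\("),
    "targeted_paths": re.compile(r"DCIM|\.(php|zip|png|jpe?g)['\"]", re.I),
}

def scan_source(text):
    """Return {indicator: [line numbers]} for every indicator group that matches."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    return hits

def is_suspicious(text):
    """True only when bot endpoint, file enumeration and target list co-occur."""
    return set(scan_source(text)) == set(INDICATORS)

def scan_tree(root):
    """Scan every .py file under an unpacked package; return flagged relative paths."""
    root = Path(root)
    flagged = []
    for path in sorted(root.rglob("*.py")):
        if is_suspicious(path.read_text(encoding="utf-8", errors="replace")):
            flagged.append(path.relative_to(root).as_posix())
    return flagged

# Constructed, non-functional fragments used as sample input.
SUSPICIOUS_SAMPLE = '''API = "https://api.telegram.org/bot<PLACEHOLDER>/sendDocument"
EXTS = (".py", ".php", ".zip", ".png", ".jpg", ".jpeg")
for root, _dirs, files in os.walk("/"):
    ...  # body elided
'''
BENIGN_SAMPLE = '''API = "https://api.telegram.org/bot<PLACEHOLDER>/sendMessage"
requests.post(API, data={"chat_id": CHAT, "text": "build finished"})
'''

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "setup.py").write_text(SUSPICIOUS_SAMPLE, encoding="utf-8")
        (Path(tmp) / "notify.py").write_text(BENIGN_SAMPLE, encoding="utf-8")
        print(scan_tree(tmp))
```

A match is a prompt for manual review of the flagged file, not a verdict; a legitimate notification bot that only calls the Telegram API is not flagged.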

Source: GBHackers

 

