Beware Of Malicious Python Packages That Steal Users Sensitive Data

24 July 2024

Malicious Python packages uploaded by “dsfsdfds” to PyPI infiltrated user systems by exfiltrating sensitive data to a Telegram bot likely linked to Iraqi cybercriminals. Active since 2022 and containing more than 90,000 Arabic messages, it has functioned as both a command-and-control center and an underground marketplace for social media manipulation tools. It highlights a broader cybercriminal network, emphasizing the need for in-depth investigation and collaboration within cybersecurity communities. A malicious script scans the victim’s file system, particularly the root directory and DCIM folder, targeting files with extensions like .py, .php, .zip, .png, .jpg, and .jpeg. Once found, the script transmits both file paths and the actual data (files and photos) to the attacker’s Telegram bot without the user’s awareness.

Source: GBHackers

Date:

24 July 2024

Categorie(s):

NEWS

Tag(s):

Cyber Crime, Cyber Security News, Malicious, Malware, Packages

Sinister SpyAgent Android Malware Uses Optics To Crack Your Crypto Wallet7 September 2024
Despite cyberattacks, water security standards remain a pipe dream7 September 2024
Hackers Threaten to Leak Planned Parenthood Data7 September 2024
Protect AI Democratizes AI Security Training with Free MLSecOps Foundations Online Learning Course 7 September 2024
North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams7 September 2024