Categories: Security

Python-Based Malware Infects European Companies

IT security researchers have discovered an unusual family of malicious code written entirely in the Python programming language, making it easy to port to different operating systems.

The malware uses a modular design that allows it to carry out a selection of different attacks, including executing files, logging keystrokes, mining bitcoins using the affected system’s CPU resources, executing arbitrary Python code and communicating with a remote server, according to Palo Alto Networks.

European organisations targeted

At least 12 variants of the “PWOBot” malware are known to exist, with six having been spotted on the open Internet, Palo Alto said.

It found the malware has been involved in attacks dating back at least to the end of 2013 and has targeted a number of European organisations, particularly in Poland. During the latter half of 2015 targets in the country included a national research institution, a shipping company, a large retailer and an IT organisation, as well as a construction company in Denmark and an optical equipment provider in France, Palo Alto said.

“While it has historically been seen affecting Microsoft Windows platforms, since the underlying code is cross-platform, it can easily be ported over to the Linux and OSX operating systems,” the firm said in an advisory. “That fact, coupled with a modular design, makes PWOBot a potentially significant threat.”

The malware family hasn’t previously been disclosed to the public, Palo Alto said.

Disguised downloads

It isn’t clear how the malware initially made its way onto affected systems, the firm said – it could have been via an email-borne phishing attack or via a user download. The malware disguises itself as various Windows utility programs and has been spotted on popular Polish file-sharing site chomikuj.pl, Palo Alto said.

The company noted that PWOBot uses the Tor network to communicate with remote servers, which could help organisations spot it on their systems.

“While (Tor) provides both encryption and anonymity, it also should raise alerts to an organisation’s network administrators if viewed, as such traffic likely violates said organisation’s policies,” Palo Alto said.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago