Cybersecurity researchers have identified two malicious packages uploaded to the Python Package Index (PyPI) that are designed to steal sensitive information from infected systems. These findings, reported by Fortinet FortiGuard Labs, highlight the risks posed by these packages, named zebo and cometlogger, which collectively garnered over 280 downloads before their removal.
Zebo, characterized as a malware tool, employs various techniques for surveillance, data theft, and unauthorized control. It uses obfuscation methods, including hex-encoded strings, to hide the URL of the command-and-control (C2) server it communicates with. This package is capable of capturing keystrokes and taking screenshots hourly, saving the data to a local folder before uploading it to an image hosting service.
Additionally, zebo establishes persistence on the infected machine by creating a batch script that ensures its execution every time the system reboots, thus maintaining its presence.
On the other hand, cometlogger’s attack pattern is more extensive. It is designed to harvest cookies, passwords, tokens, and account information from various applications, including Discord, Steam, and social media platforms like Instagram and TikTok. The package can also collect system metadata, Wi-Fi details, active processes, and clipboard contents. It tries to circumvent detection by avoiding execution in virtual environments, and it terminates browser processes to access files without restriction.
Security researcher Jenna Wang emphasized that while certain features of these packages could potentially serve legitimate purposes, their hidden functionalities and lack of transparency make them hazardous. Users are advised to carefully review code before execution and to avoid running scripts from unknown sources.
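One way to apply that review advice to the hex-encoding technique described for zebo, as an added example (not code from Fortinet or from either package): a static check that parses Python source without executing it and reports URLs hidden in hex-encoded string literals. The sample source, its URL, and the function names are constructed for this illustration.

```python
import ast
import re

HEX_RUN = re.compile(r"^(?:[0-9a-fA-F]{2}){8,}$")    # only hex digits, at least 8 bytes
ESCAPED = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")   # literal \xNN runs in the source text
URL = re.compile(r"https?://[^\s'\"]+")


def decode_hex(text):
    """Return the decoded text if `text` is a plain hex string, else None."""
    if not HEX_RUN.match(text):
        return None
    try:
        return bytes.fromhex(text).decode("utf-8")
    except UnicodeDecodeError:
        return None


def find_hidden_urls(source):
    """Return sorted (line, url) pairs for URLs hidden behind hex encoding."""
    hits = set()
    # Case 1: string constants made of hex digits, e.g. passed to unhexlify().
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            decoded = decode_hex(node.value.strip())
            if decoded:
                hits.update((node.lineno, u) for u in URL.findall(decoded))
    # Case 2: literals written as \xNN escapes; the parser decodes these
    # silently, so look at the raw source text instead of the AST.
    for lineno, line in enumerate(source.splitlines(), 1):
        for run in ESCAPED.findall(line):
            raw = bytes.fromhex(run.replace("\\x", "")).decode("utf-8", "replace")
            hits.update((lineno, u) for u in URL.findall(raw))
    return sorted(hits)


# Constructed sample: a placeholder URL hidden in both forms, plus a short
# hex-looking string that should not be reported.
SAMPLE_URL = "https://c2.example.invalid/upload"
_hex_form = SAMPLE_URL.encode().hex()
_esc_form = "".join(f"\\x{b:02x}" for b in SAMPLE_URL.encode())
SAMPLE = (
    "import binascii\n"
    f'endpoint = binascii.unhexlify("{_hex_form}").decode()\n'
    f'backup = "{_esc_form}"\n'
    'name = "deadbeef"\n'
)

if __name__ == "__main__":
    for lineno, url in find_hidden_urls(SAMPLE):
        print(f"line {lineno}: hex-encoded URL {url}")
```

A hit is a reason to read the surrounding code, not proof of malice; the check only covers these two literal forms and will miss strings assembled at runtime.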