A new Python info-stealing malware is using Unicode to stay undetected

(Image credit: Shutterstock / Kanoktuch)

Cybersecurity researchers from Phylum have discovered a new type of malware in a PyPI package that uses Unicode to hide.

Unicode is a global encoding standard used for different languages and scripts, covering more than 100,000 characters, whose purpose is to simplify and streamline how characters are displayed on digital and electronic devices. With Unicode, every letter, digit, and symbol gets a unique numeric value that stays the same regardless of the program or platform in use.

The malware is called “onyxproxy”, an infostealer hunting for developer login credentials and authentication tokens. It was available on PyPI for a week before being taken down, and during that time it racked up 183 downloads, meaning up to 183 different developers are at risk of credential and identity theft.

Hiding in plain sight

The package's “setup.py” file, according to the researchers, contains “thousands” of suspicious code strings built from a mixture of Unicode characters.

On the surface, the characters look normal and benign; however, what the human eye sees and what the program sees are two vastly different things.

In onyxproxy, three identifiers matter most: “__import__”, “subprocess”, and “CryptoUnprotectData”. Each appears in many spelling variants, which makes them ideal for beating string-matching-based defenses, the researchers explain.
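The interpreter behaviour that lets such variants still execute as the plain name is Python's identifier normalization: per PEP 3131, every identifier is folded to NFKC before it is bound or looked up, so a name spelled in, say, Mathematical Sans-Serif Bold letters binds to the same variable as its ASCII spelling, while the tokenizer still hands back the raw spelling. The script below is an added example written for this page, not code from Phylum or from the onyxproxy package: it builds a disguised spelling, scans constructed sample source (never executed) for non-ASCII identifiers and reports what they fold to, and shows the interpreter performing the fold. The watch list takes the three identifiers named in the article and adds `exec` and `eval` as an assumption of this example.

```python
"""Spot Python identifiers that are spelled with look-alike Unicode letters.

Python normalizes every identifier to NFKC before it is bound or looked up
(PEP 3131), so a name written in Mathematical Sans-Serif Bold letters binds
to exactly the same variable as its plain ASCII spelling. The tokenizer,
however, returns the raw spelling, which makes a simple scanner possible.
"""
import io
import tokenize
import unicodedata

# The three names the researchers singled out in onyxproxy; 'exec' and 'eval'
# are an assumption added for this example, not taken from the Phylum report.
WATCH_LIST = {"__import__", "subprocess", "CryptoUnprotectData", "exec", "eval"}


def spell_in_math_bold(name: str) -> str:
    """Rewrite a..z in `name` as Mathematical Sans-Serif Bold small letters
    (U+1D5EE..U+1D607), a gap-free range that NFKC folds back to ASCII.
    Digits and underscores are left alone so '__import__' stays a valid name."""
    return "".join(
        chr(0x1D5EE + ord(ch) - ord("a")) if "a" <= ch <= "z" else ch
        for ch in name
    )


# Constructed sample source text. It is only scanned, never executed.
SAMPLE_SOURCE = "\n".join([
    f"import {spell_in_math_bold('subprocess')} as sp",  # line 1: folds to subprocess
    "out = sp.check_output(['id'])",                      # line 2: ASCII only, ignored
    f"os = {spell_in_math_bold('__import__')}('os')",     # line 3: folds to __import__
    "\u0455afe = 1",                                      # line 4: Cyrillic dze, no fold
]) + "\n"


def find_disguised_identifiers(source: str) -> list[tuple[int, str, str, bool]]:
    """Return (line, raw_spelling, nfkc_form, collides) for every non-ASCII
    NAME token. collides=True means the parser silently rewrites the name to
    nfkc_form, i.e. it is an alias of an ASCII identifier; collides=False
    means it is a genuinely distinct identifier that merely looks familiar."""
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME or tok.string.isascii():
            continue
        folded = unicodedata.normalize("NFKC", tok.string)
        hits.append((tok.start[0], tok.string, folded, folded != tok.string))
    return hits


def watch_list_hits(source: str) -> list[tuple[int, str]]:
    """(line, ascii_name) for disguised identifiers that fold onto a watched name."""
    return [
        (line, folded)
        for line, _raw, folded, collides in find_disguised_identifiers(source)
        if collides and folded in WATCH_LIST
    ]


def demonstrate_collision() -> dict:
    """Let the interpreter do the folding: assign through the disguised
    spelling, read back through the ASCII one. The namespace ends up holding
    only the ASCII key, so dumping globals() would not reveal the disguise."""
    disguised = spell_in_math_bold("marker")
    ns: dict = {}
    exec(f"{disguised} = 42\nresult = marker\n", ns)
    return {"value": ns["result"], "ascii_key": "marker" in ns, "raw_key": disguised in ns}


if __name__ == "__main__":
    for line, raw, folded, collides in find_disguised_identifiers(SAMPLE_SOURCE):
        tag = "ALIAS OF" if collides else "distinct from"
        print(f"line {line}: {raw!r} {tag} {folded!r}")
    print("watch list:", watch_list_hits(SAMPLE_SOURCE))
    print("interpreter:", demonstrate_collision())
```

Two caveats for anyone turning this into a real check. A grep for the ASCII string misses every alias, but the scanner above flags them because it keys on the folded form, not the raw bytes. Conversely, a pure confusable such as the Cyrillic dze on line 4 does not fold to ASCII and therefore binds a different variable; it is reported with collides=False, which is still worth a look in a package that has no reason to contain non-ASCII identifiers at all.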

While the technique might sound complicated, the researchers say it isn't exactly sophisticated. However, should the abuse of Unicode for hiding malicious Python code become a trend, it would become cause for concern.

“But, whomever this author copied this obfuscated code from is clever enough to know how to use the internals of the Python interpreter to generate a novel kind of obfuscated code, a kind that is somewhat readable without divulging too much of exactly what the code is trying to steal,” concludes Phylum.


Via: BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also taught several modules on content writing for Represent Communications.

Copyright for syndicated content belongs to the linked source: TechRadar – https://www.techradar.com/news/a-new-python-info-stealing-malware-is-using-unicode-to-stay-undetected
