Python malware has once again reared its ugly head, with the discovery of two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, on the Python Package Index (PyPI). These packages were flagged by Fortinet FortiGuard Lab’s AI-based detection system on November 24, 2024, for their malicious intent to steal sensitive user data through keylogging, screenshot capturing, and information exfiltration.
Zebo-0.1.0, one of the identified malicious packages, exhibits typical malware behavior by utilizing libraries like pynput and ImageGrab to log keystrokes, capture screenshots, and exfiltrate sensitive information to remote servers. The malware also employs obfuscation techniques to evade detection and establish persistence on infected systems by creating startup scripts for re-execution upon system reboot.
On the other hand, Cometlogger-0.1 poses a significant threat to user privacy and security by maintaining a long-term presence on victim systems and targeting platforms like Discord, Steam, Instagram, and Twitter. This malicious package utilizes advanced obfuscation techniques, keylogging, screen capturing, and data exfiltration to compromise user data and maintain unauthorized control over infected systems.
The discovery of these malicious Python packages highlights the inherent risks associated with using the PyPI repository, as malicious actors are increasingly exploiting it to distribute harmful code. The research from Socket Security reveals the prevalence of such threats, with the recent discovery of the “Fabrice” malware that harvested AWS credentials from developers over a three-year period.
To mitigate the risks posed by malicious Python packages, users are advised to disconnect from the internet, isolate infected systems, use reputable antivirus software, and consider reformatting the system if necessary. These proactive measures can help safeguard against potential data breaches and unauthorized access.
The widespread impact of these malicious Python packages underscores the importance of cybersecurity measures in an increasingly digital world. Developers and platforms reliant on PyPI must remain vigilant against such threats to protect user privacy and prevent security breaches. By staying informed and implementing best practices for cybersecurity, individuals and organizations can reduce the risk of falling victim to malicious actors in the digital landscape.