
Watch out for harmful PyPI packages stealing login information

Fortinet’s AI-driven OSS malware detection system recently identified two malicious Python packages on PyPI: Zebo-0.1.0 on November 16, 2024 and Cometlogger-0.1 on November 24, 2024. Both pose a significant threat to anyone who installs them, and their discovery emphasizes the need for robust defenses against malicious open-source packages.

Zebo-0.1.0 is built to surveil users, exfiltrate sensitive data, and establish unauthorized control over affected systems. Its key capabilities are keylogging, screen capture, exfiltration of the collected data to a remote Firebase database, and persistence mechanisms that keep it on the system. Its code is obfuscated, which complicates detection.

Cometlogger-0.1, the second malicious package, goes a step further: it modifies files dynamically, steals sensitive information, and evades sandbox analysis. It injects webhooks into files to exfiltrate usernames, passwords, and cryptocurrency wallet data, performs anti-VM checks to avoid running inside analysis environments, and manipulates Python files at runtime so that its commands execute discreetly. Its ability to extract encrypted credentials and card data from browser storage raises the risk of financial fraud and identity theft.

To mitigate the risks posed by these malicious packages, users and organizations are advised to follow cybersecurity best practices such as disconnecting and scanning affected systems, scrutinizing code before execution, implementing network monitoring for intrusion detection, and providing awareness training on phishing schemes and unsafe downloads. Fortinet customers are protected through updated AntiVirus services, including FortiGate and FortiClient tools tailored to detect and prevent these specific malware packages.
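One way to act on the advice to scrutinize code before execution, as an added example that is not code from the article, from Fortinet, or from either package: a small triage script that statically scans an unpacked sdist or wheel for the behaviour classes described above (keylogging and screen-capture imports, Firebase endpoints, webhook URLs, VM-detection strings, and exec()/eval() wrapped around a decode call). The indicator patterns and the SAMPLE module are constructed to illustrate those behaviours and are assumptions, not the real packages' code or detection signatures.

```python
import ast
import re
from pathlib import Path

# Assumed indicator patterns derived from the behaviours described above, not
# from the real packages' source. A hit means "read this file", not "malicious".
INDICATORS = [
    ("keylogging import", re.compile(r"\b(?:import|from)\s+(?:pynput|keyboard)\b")),
    ("screen capture import", re.compile(r"\b(?:import|from)\s+(?:pyautogui|mss|PIL\.ImageGrab)\b")),
    ("firebase endpoint", re.compile(r"https?://[\w.-]*firebase(?:io|database|app)\.com", re.I)),
    ("webhook url", re.compile(r"https?://[\w./-]*webhooks?/", re.I)),
    ("anti-vm string", re.compile(r"\b(?:VMware|VirtualBox|vbox|QEMU|Hyper-V)\b", re.I)),
]

def obfuscated_exec_calls(tree):
    """Count exec()/eval() whose argument is itself a call, e.g. exec(base64.b64decode(...))."""
    count = 0
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")
                and node.args and isinstance(node.args[0], ast.Call)):
            count += 1
    return count

def scan_source(src):
    """Return {indicator label: hit count} for one Python source text."""
    hits = {label: n for label, rx in INDICATORS if (n := len(rx.findall(src)))}
    try:
        n = obfuscated_exec_calls(ast.parse(src))
    except SyntaxError:
        hits["unparseable python"] = 1  # a .py that will not parse deserves a look too
        return hits
    if n:
        hits["obfuscated exec/eval"] = n
    return hits

def scan_package(root):
    """Scan every .py under an unpacked sdist/wheel; returns {relative path: hits}."""
    files = sorted(Path(root).rglob("*.py"))
    return {str(p.relative_to(root)): h for p in files
            if (h := scan_source(p.read_text(encoding="utf-8", errors="replace")))}

# Constructed sample module imitating the described behaviours; it is only parsed, never run.
SAMPLE = '''import pynput, base64
DB = "https://example-project-default-rtdb.firebaseio.com/logs.json"
if "VirtualBox" in open("/sys/class/dmi/id/product_name").read(): raise SystemExit
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))'''
```

Run scan_package(path) on a directory obtained by `pip download --no-deps <package>` and unpacking the archive; the output is a list of files worth reading by hand, not a verdict.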

The discovery of Zebo-0.1.0 and Cometlogger-0.1 underscores the growing threats associated with open-source dependencies. These malicious packages demonstrate how attackers can use sophisticated techniques to evade detection, exfiltrate data, and target individuals and organizations. Maintaining heightened vigilance and leveraging advanced cybersecurity tools are essential in combating such threats effectively.
