Malicious Python packages found exfiltrating user data to Telegram bot

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

John Leonard
clock • 2 min read
Malicious Python packages found exfiltrating user data to Telegram bot
Image:

Malicious Python packages found exfiltrating user data to Telegram bot

Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python repository PyPI to search for files on the victim's device and exfiltrate them to a Telegram bot.

The malicious packages, all of which now seem to have been removed from PyPI, were named testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers.  The packages contained an __init__.py ...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Database developer introduces new licensing model

Licensing

Database developer introduces new licensing model

Charging more based on customer revenue

clock 16 August 2024 • 3 min read
New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

Threats and Risks

New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

Sysdig researchers have been following the group since February

clock 11 July 2024 • 2 min read
Will Starmer take Blair's one piece of advice and focus on tech?

Government

Will Starmer take Blair's one piece of advice and focus on tech?

Lack of Manifesto detail is not an insurmountable problem

clock 10 July 2024 • 5 min read
John Leonard
Author spotlight

John Leonard

View profile
More from John Leonard

Organisations expect AI RoI in 2 years, report

Microsoft apps for macOS vulnerable to hacking, researchers find

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Threats and Risks

Security flaws in Microsoft's Health Bot put patient data at risk
Threats and Risks

Security flaws in Microsoft's Health Bot put patient data at risk

Used across the NHS

Dev Kundaliya
clock 21 August 2024 • 2 min read
Microsoft apps for macOS vulnerable to hacking, researchers find
Threats and Risks

Microsoft apps for macOS vulnerable to hacking, researchers find

Hackers could inject malicious code to control access to camera, mic and data

John Leonard
John Leonard
clock 20 August 2024 • 3 min read
Russia's AI-powered election interference efforts stalled, says Meta
Threats and Risks

Russia's AI-powered election interference efforts stalled, says Meta

But social media giant remains vigilant about evolving risks posed by AI

Dev Kundaliya
clock 18 August 2024 • 3 min read