Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

The Hacker News by The Hacker News
December 24, 2024
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs.

The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down. According to ClickPy statistics, a majority of these downloads came from the United States, China, Russia, and India.

Cybersecurity

Zebo is a “typical example of malware, with functions designed for surveillance, data exfiltration, and unauthorized control,” security researcher Jenna Wang said, adding cometlogger “also shows signs of malicious behavior, including dynamic file manipulation, webhook injection, stealing information, and anti-[virtual machine] checks.”

The first of the two packages, zebo, uses obfuscation techniques, such as hex-encoded strings, to conceal the URL of the command-and-control (C2) server it communicates with over HTTP requests.

It also packs in a slew of features to harvest data, including leveraging the pynput library to capture keystrokes and ImageGrab to periodically grab screenshots every hour and save them to a local folder, prior to uploading them to the free image hosting service ImgBB using an API key retrieved from the C2 server.

In addition to exfiltrating sensitive data, the malware sets up persistence on the machine by creating a batch script that launches the Python code and adds it to the Windows Startup folder so that it’s automatically executed upon every reboot.

Cometlogger, on the other hand, is a lot of feature-packed, siphoning a wide range of information, including cookies, passwords, tokens, and account-related data from apps such as Discord, Steam, Instagram, X, TikTok, Reddit, Twitch, Spotify, and Roblox.

Cybersecurity

It’s also capable of harvesting system metadata, network and Wi-Fi information, a list of running processes, and clipboard content. Furthermore, it incorporates checks to avoid running in virtualized environments and terminates web browser-related processes to ensure unrestricted file access.

“By asynchronously executing tasks, the script maximizes efficiency, stealing large amounts of data in a short time,” Wang said.

“While some features could be part of a legitimate tool, the lack of transparency and suspicious functionality make it unsafe to execute. Always scrutinize code before running it and avoid interacting with scripts from unverified sources.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
E-Home Household Service Holdings Limited launches AI Robotic Automatic Cleaning Equipment for Intelligent Cleaning of Public Places

E-Home Household Service Holdings Limited launches AI Robotic Automatic Cleaning Equipment for Intelligent Cleaning of Public Places

Recommended.

Huawei’nin Bangkok’taki Yenilikçi Ürün Lansmanında Öne Çıkacak Amiral Gemisi Tablet

Huawei’nin Bangkok’taki Yenilikçi Ürün Lansmanında Öne Çıkacak Amiral Gemisi Tablet

April 28, 2026
Top 5 New Broadcom-VMware Products In 2026: Chips, Wi-Fi 8 And Cloud Platform

Top 5 New Broadcom-VMware Products In 2026: Chips, Wi-Fi 8 And Cloud Platform

March 11, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio