The Cyber Security News

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

March 24, 2023

A malicious Python package on the Python Package Index (PyPI) repository has been found to use Unicode as a trick to evade detection and deploy a data-stealing malware.

The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting a total of 183 downloads.

According to software supply chain security firm Phylum, the package incorporates its malicious behavior in a setup script that is packed with thousands of seemingly legitimate code strings.

These strings include a mix of bold and italic fonts, yet they are still readable and can be parsed by the Python interpreter, only to activate the execution of the stealer malware upon installation of the package.

“An apparent and rapid reward of this weird scheme is readability,” the company noted. “Also, these obvious variations do not prevent the code from running, which it does.”

This is made possible by the use of Unicode variants of what appears to be the same character (aka homoglyphs) to camouflage its true colors (e.g., self vs. 𝘀𝘦𝘭𝘧) among innocuous-looking functions and variables.

The use of Unicode to inject vulnerabilities into source code was previously disclosed by Cambridge University researchers Nicholas Boucher and Ross Anderson in an attack technique dubbed Trojan Source.

What the method lacks in sophistication, it makes up for by creating a novel piece of obfuscated code, despite exhibiting telltale signs of copy-paste efforts from other sources.

The development highlights continued attempts on the part of threat actors to find new ways to slip through string-matching based defenses, leveraging “how the Python interpreter handles Unicode to obfuscate their malware.”
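
Python applies NFKC normalization to identifiers (PEP 3131), which is why the styled names described above still run while a byte-for-byte string match misses them. The following is an added example, not code from Phylum or from the package: a scanner that flags identifiers that are non-ASCII as written but fold to plain ASCII, plus a normalized view for signature matching. The function names and the sample source are constructed for illustration.

```python
import io
import tokenize
import unicodedata

def styled(word, base=0x1D622):
    """Build a constructed test identifier from Mathematical Sans-Serif Italic
    letters (U+1D622 is 'a'); underscores and other characters pass through."""
    return "".join(chr(base + ord(c) - 97) if "a" <= c <= "z" else c for c in word)

# Constructed sample, not code from the onyxproxy package.
SAMPLE = (
    "import os\n"
    f"def {styled('get_user')}():\n"
    f"    return {styled('os')}.environ.get('USER')\n"
    "na\u00efve = 1  # non-ASCII, but does not fold to ASCII\n"
)

def find_folded_identifiers(source):
    """Return (line, col, as_written, as_interpreted) for each identifier that
    contains non-ASCII characters yet NFKC-normalizes to pure ASCII."""
    hits = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type != tokenize.NAME or tok.string.isascii():
            continue
        folded = unicodedata.normalize("NFKC", tok.string)
        if folded.isascii():
            hits.append((tok.start[0], tok.start[1], tok.string, folded))
    return hits

def normalized_view(source):
    """Source text with flagged identifiers replaced by their NFKC form, so
    keyword or signature matching sees the names the interpreter sees."""
    lines = source.splitlines(keepends=True)
    # Replace right-to-left so earlier column offsets stay valid.
    hits = sorted(find_folded_identifiers(source), reverse=True)
    for line, col, written, folded in hits:
        text = lines[line - 1]
        lines[line - 1] = text[:col] + folded + text[col + len(written):]
    return "".join(lines)

if __name__ == "__main__":
    for line, col, written, folded in find_folded_identifiers(SAMPLE):
        print(f"line {line}, col {col}: {written!r} is read by Python as {folded!r}")
    print(normalized_view(SAMPLE))
```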

In a related development, Canadian cybersecurity company PyUp detailed the discovery of three new fraudulent Python packages – aiotoolbox, asyncio-proxy, and pycolorz – that were downloaded cumulatively more than 1,000 times and were designed to retrieve obfuscated code from a remote server.

Some parts of this article are sourced from:
thehackernews.com
