Malicious Python packages found exfiltrating user data to Telegram bot

Appears to be part of a wider operation by crime gang based in Iraq, say Checkmarx researchers

John Leonard

Researchers at security vendor Checkmarx have uncovered an operation, apparently based in Iraq, that uses malware hosted on the Python repository PyPI to search for files on the victim's device and exfiltrate them to a Telegram bot.

The malicious packages, all of which now seem to have been removed from PyPI, were named testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers. The packages contained an __init__.py ...


