DreamyOak Quasar Malware
Following the kill chain of a malicious Python package, and decompiling a basic Quasar RAT while rapidly learning some valuable lessons.
#python
5 posts tagged with this topic.
-
-
Tracking Peristent PyPI Malware
The Python Packaging Ecosystem remains fairly stable in the broad scope of open source package distribution, but they are not immune to sustained attacks either. One threat actor group has evolved from simple nuissance to a sustained stream of spam and malware utilizing GitHub staging and direct targeting of userbases for the distribution of malicious programs.
-
Dearmored
Looking deeper into PyArmor obfuscated malware utilizing tools such as Process Monitor and Wireshark, and hooking third party libraries to gain access to web requests and encrypted data.
-
PyPI Security
-
The Challenges of YARA