Python-Based Malware Infects European Companies | eWeek

Apr 20, 2016

By Matthew Broersma

IT security researchers have discovered an unusual family of malicious code written entirely in the Python programming language, making it easy to port to different operating systems.

The malware uses a modular design that allows it to carry out a selection of different attacks, including executing files, logging keystrokes, mining bitcoins using the affected system’s CPU resources, executing arbitrary Python code and communicating with a remote server, according to Palo Alto Networks.

European organizations targeted

At least 12 variants of the “PWOBot” malware are known to exist, with six having been spotted on the open Internet, Palo Alto said.

It found the malware has been involved in attacks dating back at least to the end of 2013 and has targeted a number of European organizations, particularly in Poland. During the latter half of 2015, targets in the country included a national research institution, a shipping company, a large retailer and an IT organization, as well as a construction company in Denmark and an optical equipment provider in France, Palo Alto said.

“While it has historically been seen affecting Microsoft Windows platforms, since the underlying code is cross-platform, it can easily be ported over to the Linux and OSX operating systems,” the firm said in an advisory. “That fact, coupled with a modular design, makes PWOBot a potentially significant threat.”

The malware family hasn’t previously been disclosed to the public, Palo Alto said.

Disguised downloads

It isn’t clear how the malware initially made its way onto affected systems, the firm said—it could have been via an email-borne phishing attack or via a user download. The malware disguises itself as various Windows utility programs and has been spotted on popular Polish file-sharing site chomikuj.pl, Palo Alto said.

The company noted that PWOBot uses the Tor network to communicate with remote servers, which could help organizations spot it on their systems.

“While (Tor) provides both encryption and anonymity, it also should raise alerts to an organization’s network administrators if viewed, as such traffic likely violates said organization’s policies,” Palo Alto said.
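One way a network team could act on that advice, shown as an added example that is not from Palo Alto's advisory or from eWeek: scan egress logs for internal hosts talking to Tor relays. The log format, the 10.0.0.0/8 internal range, the relay addresses and the function name are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation-range addresses standing in for a
# Tor relay list an organization would refresh from the public Tor consensus.
TOR_RELAYS = {"198.51.100.7", "203.0.113.44"}
# Conventional Tor relay ports (ORPort 9001, DirPort 9030). Many relays listen
# on 443, so port matching alone misses traffic; the relay list is the primary signal.
TOR_PORTS = {9001, 9030}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed egress log lines: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2016-04-20T09:00:01 10.1.2.15 198.51.100.7 443
2016-04-20T09:00:05 10.1.2.15 192.0.2.80 443
2016-04-20T09:01:10 10.1.3.22 192.0.2.99 9001
2016-04-20T09:02:00 10.1.2.15 203.0.113.44 9001
malformed line
2016-04-20T09:03:00 10.1.4.9 192.0.2.80 80
"""

def find_tor_egress(log_text, relays=TOR_RELAYS, ports=TOR_PORTS):
    """Return {internal_host: [(timestamp, dst, port, reason), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        ts, src, dst, port = fields
        try:
            if ipaddress.ip_address(src) not in INTERNAL:
                continue  # only report on hosts the organization owns
            port = int(port)
        except ValueError:
            continue  # unparseable address or port
        if dst in relays:
            hits[src].append((ts, dst, port, "known-relay"))
        elif port in ports:
            hits[src].append((ts, dst, port, "tor-default-port"))
    return dict(hits)

if __name__ == "__main__":
    for host, events in sorted(find_tor_egress(SAMPLE_LOG).items()):
        print(host, len(events), "suspected Tor connection(s)")
        for ev in events:
            print("   ", *ev)
```

A port-only hit is a weaker signal than a relay-list hit and is worth triaging separately.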
