Two malicious packages, Zebo-0.1.0 and Cometlogger-0.1, were identified by an AI-driven OSS malware detection system. These packages contain Python scripts designed for surveillance, data exfiltration, and unauthorized control. Zebo-0.1.0 uses obfuscation techniques, keylogging, screen capturing, and data exfiltration to a remote server. It also implements a persistence mechanism to ensure re-execution upon system startup. Cometlogger-0.1 exhibits webhook manipulation, information theft from various platforms, anti-VM detection, dynamic file modification, and persistence mechanisms. Both packages pose significant security risks, including credential leaks and sensitive information theft. The analysis highlights the importance of cybersecurity awareness and robust defensive measures against such malicious code.
Author: AlienVault
Related Tags:
zebo-0.1.0
T1059.006
T1056.001
T1547.001
T1555
T1552.001
python
T1078
T1112
Associated Indicators:
E01C61DC52514B011C83C293CF19092C40CB606A28A87675B4F896BE5AFEBED2
839D0CFCC52A130ADD70239B943D8C82C4234B064D6F996EEAAE142F05CC9E85