PALO ALTO NETWORKS has come at us with a report of what it claims is a cross-platform malware family written in Python that can attack Windows and be ported to Linux and OS X.
The security firm explained in a blog post that the threat spends most of its time bothering Windows, most notably in Poland, but is making geographical and operating system switches.
"We have discovered a malware family named 'PWOBot' that is fairly unique because it is written entirely in Python and compiled via PyInstaller to generate a Microsoft Windows executable," said Palo Alto threat intelligence analyst Josh Grunzweig.
"The malware has been witnessed affecting a number of Europe-based organisations, particularly in Poland. Additionally, the malware is delivered via a popular Polish file-sharing web service.
"The malware itself provides a wealth of functionality, including the ability to download and execute files, execute Python code, log keystrokes, spawn an HTTP server, and mine bitcoins via the victim's CPUs and GPUs."
There are at least 12 variants of PWOBot, according to the post, which have been floating around for a few years, but the new cross-platform nature should get people sitting up.
"PWOBot is written completely in Python. The attackers leverage PyInstaller to convert this Python code into a Microsoft Windows executable. However, as Python is being used, it can easily be ported to other operating systems, such as Linux or OS X," Grunzweig said.
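For defenders triaging a suspect Windows executable, PyInstaller packaging of the kind described here leaves a recognisable trailer at the end of the file. The following is an added example, not code from Palo Alto Networks or from PyInstaller: the function names are hypothetical, the sample bytes are constructed, and the cookie layout assumed is the one used by PyInstaller 2.1 and later.

```python
import struct

# PyInstaller appends an archive to its bootloader; the archive ends with a
# "cookie" beginning with this magic (layout assumed: PyInstaller >= 2.1).
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Fields: magic, archive length, TOC offset, TOC length, Python version, lib name
COOKIE = struct.Struct("!8sIIII64s")


def find_pyinstaller_cookie(data: bytes):
    """Hypothetical helper: return the cookie fields, or None if absent."""
    pos = data.rfind(MAGIC)
    while pos != -1:
        chunk = data[pos:pos + COOKIE.size]
        if len(chunk) == COOKIE.size:
            _, pkg_len, toc_off, toc_len, pyver, lib = COOKIE.unpack(chunk)
            archive_start = pos + COOKIE.size - pkg_len
            # Sanity checks reject a stray magic string inside unrelated data.
            if archive_start >= 0 and toc_off + toc_len <= pkg_len:
                return {
                    "archive_start": archive_start,
                    "toc_offset": toc_off,
                    "toc_length": toc_len,
                    "python_version": pyver,  # raw value as stored, e.g. 27
                    "python_lib": lib.rstrip(b"\x00").decode("ascii", "replace"),
                }
        pos = data.rfind(MAGIC, 0, pos)  # try an earlier occurrence
    return None


def build_sample() -> bytes:
    """Constructed stand-in for a packed file: fake stub + body + TOC + cookie."""
    stub = b"MZ" + b"\x00" * 62
    body, toc = b"payload" * 4, b"\x00" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 27, b"python27.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    print(find_pyinstaller_cookie(build_sample()))
    print(find_pyinstaller_cookie(b"MZ" + b"\x00" * 200))  # not packed: None
```

A hit only shows the file was built with PyInstaller, which many legitimate tools also use; it is a reason to unpack and inspect the embedded Python, not a verdict.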
PWOBot will first uninstall any previous versions of the malware, then install new versions with malevolent intentions.
"PWOBot also makes use of Tor to tunnel all traffic to the attacker's remote server(s). While this provides encryption and anonymity, it should also raise alerts to an organisation's network administrators as such traffic likely violates the organisation's policies," the post said.
Some firms, some not a million pixels from here, might offer the sort of thing that deals with this sort of thing. µ