topic Re: The Code is a Changin' in Threats

The Code is a Changin'

AppDefects — Mon, 09 Oct 2023 09:34:19 GMT

The vast majority of serious malware over the past 30 years has been written in Assembly and compiled languages such as C and C++ (sorry Cobol lovers you didn't make the list). Over the last decade we have seen the emergence of malware written in interpreted languages. Case in point: Python. Developing Python malware takes advantage of a massive ecosystem of open-source packages and repositories. Almost anything you could think of, someone has already built it using Python. This is a huge advantage to malware authors as simplistic capabilities can be picked à la carte from GitHub or other repo's. On top of that the portability of malicious Python code is exacerbated by the fact that you don't need an interpreter, native executable can be built on the fly.

Source: https://www.cyborgsecurity.com/python-malware-on-the-rise/

Re: The Code is a Changin'

JKWiniger — Mon, 13 Jul 2020 22:59:31 GMT

I would really have to disagree with these findings. Malware in general is trying to hit the most people as possible and the average person does not have a python interpreter installed. It seems like they could only target advanced users and developers which in most cases should have enough experience to see most malware coming...

Just my .02

John-

Re: The Code is a Changin'

AppDefects — Tue, 14 Jul 2020 00:18:06 GMT

One way of doing it is to bundle the Python interpreter, but you can just image how large a file that would be. Another simpler way is to just convert Python code and create Windows and/or Linux executable.

Re: The Code is a Changin'

JKWiniger — Tue, 14 Jul 2020 00:55:12 GMT

You can convert Python code into an executable?!? I did not know that. Learn something new every day!

John-

Re: The Code is a Changin'

Beads — Tue, 14 Jul 2020 14:31:40 GMT

You could if Pyinstaller or similar is on the machine but this quickly devolves into a "chicken before the egg" scenario. In order to create the executable you need control over the target first which negates the need to create the executable on the target.

I think what you are eluding to is to create the executable before sending it to the target otherwise your indicating taking over an already compromised target or intellectual sleight of hand.

- b/eads