Mark Bergman via plug on 23 May 2022 08:11:47 -0700
Re: [PLUG] botnet, backdoor
In the message dated: Mon, 23 May 2022 10:42:55 -0400,
The pithy ruminations from jeffv via plug on
[[PLUG] botnet, backdoor] were:
=>
=> Malicious PyPI package opens backdoors on Windows, Linux, and Macs
=>
=> https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/
=>
=>
=> For Linux systems, the Python script connects to a remote URL at
=> 39.107.154.72 and pipes the output to the bash shell. Unfortunately,

There seems to have been an editing mistake .... The "reporter" from
bleepingcomputer probably meant to write:

    Fortunately, that host is down, disabling the C&C aspects of the
    botnet and rendering it harmless.

=> that host is down at the time of this writing, so it is unclear what
=> commands are executed, but it is believed to open a reverse shell.
=>

--
Mark Bergman
Biker, Rock Climber, SCUBA Diver, Unix mechanic, IATSE #1 Stagehand
'94 Yamaha GTS1000A^1
2015 Aprilia Caponord
https://www.flickr.com/photos/rmsppu

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug