Cyborg Security reported recently that malware is starting to appear that has been written using the Python programming language. Traditionally, most malware has been written in compiled languages, such as C or C++.
The reason is simple. Compiled languages let the attacker create smaller, harder to detect, executables. However, Python’s popularity and ease of use has made it more appealing to malware authors. The biggest problem with Python for malware is that it tends to use considerably more RAM and CPU than malware written in C or C++.
Of course, with PCs being as powerful as they are now, this is no longer an issue. Especially when you consider that there are so many applications being written with Electron. Your web browser is now a huge resource hog!
As the Cyborg Security website points out, you can use PyInstaller or py2exe to create an executable of your Python code. What that article doesn’t mention is that someone will need to digitally sign that software as well to get it to run on Windows 10. One thing the article mentions that was interesting to me is that you can use Nuitka to basically transpile your Python code to C and you’ll end up with a much smaller executable than you would with either PyInstaller or py2exe.
Specific examples of Python malware include SeaDuke that was used against the Democratic National Committee back in 2015 and 2016. They also mention PWOBot, which was a similar piece of Python malware that did key logging as well as downloaded and executed other applications.
Trend Micro covered PyLocky, a Python-based ransomware. It could encrypt files using 3DES.
The last piece of malware that was mentioned was PoetRAT, a trojan that was used against the Azerbaijan government and energy sector this year.
Check out the full article. It’s really interesting and covers a lot more about this topic.