Python-based PBot adware evolves to deliver cryptocurrency miner and ad extensions
June 27, 2018 | Malware and Vulnerabilities
- The developers behind PBot are expanding its capabilities beyond those of simple adware.
- PBot got its name from its core modules, which are written in Python.
The Python-based adware PBot, also known as PythonBot, is evolving with new capabilities that go beyond just spamming users with advertisements. Kaspersky Lab researchers said the adware has undergone several modifications since it was first detected a year ago and now comes with the ability to run a hidden cryptominer on infected computers.
Some of the PBot versions detected were capable of placing unwanted advertising on web pages visited by the victim and installing ad extensions in the browser. The attackers behind PBot are continually releasing new versions of the latter modification and attempting to infect swathes of Windows PCs, researchers said.
“Developers are constantly releasing new versions of this modification, each of which complicates the script obfuscation,” Kaspersky’s Anton V. Ivanov wrote in a blog post. “Another distinctive feature of this Pbot variation is the presence of a module that updates scripts and downloads fresh browser extensions.”
In April alone, researchers registered more than 50,000 attempts to install PBot on computers of Kaspersky Lab product users - a figure that increased the following month.
PBot seems to be primarily targeting users in Russia, Ukraine and Kazakhstan.
New malicious capabilities
PBot is usually distributed via malicious partner sites whose pages implement scripts that redirect users to sponsored links. If any point on the page is clicked, a new browser window pops up that opens an intermediate link to redirect the user to the PBot download page.
This page is tasked with downloading and running the PBot adware on the victim's computer "by hook or by crook" via an .hta file. This file downloads an executable file which is the NSIS installer of PBot. The installer in turn drops a folder that contains the Python 3 interpreter, a browser extension and Python scripts - one of which runs app.py to handle the update of PBot scripts and downloading of new, malicious browser extensions.
While the browser extensions are used to spam banners on pages visited by the victim, the secretly installed cryptominer eats up the infected system's computing power to generate cryptocurrency.
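The dropped folder described above (a Python 3 interpreter, a browser extension and an app.py script side by side) is an unusual combination that can serve as a triage hint on an endpoint. The following is an added example, not code from Kaspersky or from the article: only app.py is named on the page, while the interpreter and manifest file names, the folder names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# app.py is named in the article; the other file names are assumptions.
INTERPRETERS = {"python.exe", "pythonw.exe"}   # assumed interpreter names
UPDATER = "app.py"                             # from the article
MANIFEST = "manifest.json"                     # assumed: usual extension manifest
ALL_TRAITS = {"interpreter", "updater", "extension"}


def folder_traits(root):
    """Return which of the three traits appear anywhere beneath root."""
    traits = set()
    for _dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        if names & INTERPRETERS:
            traits.add("interpreter")
        if UPDATER in names:
            traits.add("updater")
        if MANIFEST in names:
            traits.add("extension")
    return traits


def find_suspect_folders(base):
    """Names of immediate subfolders of base that show all three traits."""
    return [p.name for p in sorted(Path(base).iterdir())
            if p.is_dir() and folder_traits(p) == ALL_TRAITS]


def build_sample_tree(base):
    """Constructed sample: one bundle-like folder and two benign ones."""
    layout = {
        "dropped_bundle": ["python.exe", "app.py", "ext/manifest.json"],
        "plain_python": ["python.exe", "Lib/os.py"],
        "browser_profile": ["Extensions/abc/manifest.json"],
    }
    for folder, files in layout.items():
        for rel in files:
            path = Path(base, folder, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"")  # empty placeholder files
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(find_suspect_folders(build_sample_tree(tmp)))
```

A match is a reason to inspect the folder, not a verdict: legitimate software also bundles its own Python interpreter.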
"In pursuit of profit, adware owners often resort to installing their products on the sly, and PBot developers are no exception. They release new versions (and update them on user computers), complicating their obfuscation to bypass protection systems," researchers said.
