

Kaspersky is also one of the more transparent antivirus companies. It has a high-quality antivirus scanner, some really useful features, and affordable pricing. That said, I still think Kaspersky Total Security is a good internet security suite overall. Plus, the Backup and Restore feature is basically a free Dropbox account (Dropbox gives all users 2 GB storage space, so you’re not really getting anything with this feature). The free VPN only provides 200 MB/day of browsing data (upgraded to 300 MB/day with the Internet Security and Total Security plans), and it only lets you connect to one server (the slowest one). Kaspersky’s system cleanup tools are decent, but competitors like Avira offer far more options. The password manager is okay, but it’s pretty basic - it doesn’t even have essential features like two-factor authentication (2FA) or dark web monitoring, which all of the top password managers in 2022 provide. I also like the Rescue Disk feature (which disinfects computers infected with malware), the secure browser and virtual keyboard (which make online payments secure), and the premium version of the virtual private network (VPN). But I’m not too impressed with some of Kaspersky’s extras.

I really like its parental controls, which are among the best around. Kaspersky has some great additional features, too. In my tests, it caught all of my malware samples, and its anti-phishing protection detected most of the risky sites I tried visiting. Kaspersky has an excellent antivirus scanner and some pretty good web protections. However, if you are concerned about Kaspersky becoming a threat to your security due to recent geopolitical tensions, there are many suitable alternatives, such as Norton and Bitdefender. We have already reported these two packages to the PyPI security team and Snyk Vulnerability Database. Currently, we have no evidence to suggest that Kaspersky (headquartered in Russia) is a danger to its users. The updated information is also sent to the Discord channel. The injected script monitors the victim’s actions, such as changing their email address, password or billing information. Popen('taskkill /im discord.exe /t /f', shell=true) It randomly selects one of the directories under C:\Users\\AppData\Roaming or C:\Users\\AppData\Local, generates a random eight-character string consisting of the “bcdefghijklmnopqrstuvwxyz” characters and randomly picks one of the extensions from the following list: The downloader terminates if the OS name is not “nt” (Windows). Obfuscation is done using multiple techniques, such as renaming variables and library functions, adding mixed boolean-arithmetic expressions and junk code, and compressing the code chunks with the zlib library. The next stage is a downloader obfuscated with a publicly available tool named Hyperion. Then that one-liner script downloads the next-stage script from and executes it. The script writes another Python one-liner script into a temporary file and then runs that file via the system.start() function. The malicious payload is a Base64-encoded Python script hidden in the “HTTPError” class.

In the malicious package, this script was last modified on July 30, exactly on the date of publication of the malicious package. All mentions of the legitimate package’s name have been replaced with the name of the malicious one. After downloading the malicious packages, it becomes clear that the source code is nearly identical to the code of the legitimate “requests” package, except for one file: exception.py. The project description also references the web pages of the original “requests” package, as well as the author’s email. The description contains faked statistics, as if the package was installed 230 million times in a month and has more than 48000 “stars” on GitHub. The attacker used a description of the legitimate “requests” package in order to trick victims into installing a malicious one. Timeline of uploaded packages: Package name They were masquerading as one of the most popular open-source packages named “requests”. The malicious packages were intended to steal developers’ personal data and credentials. Following this research, we used our internal automated system for monitoring open-source repositories and discovered two other malicious Python packages in the PyPI. On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers.
