In this campaign the attackers were found distributing the KEKW malware through malicious Python wheel (.whl) files. A wheel is a ZIP archive that bundles everything needed to install a Python package: the package metadata, data files, and source code.
A Bitcoin address linked to the threat actors' clipper activity was found in more than 20 of these infected packages. Most of the malicious packages contained the domain kekwltd[.]ru, and a smaller number contained blackcap[.]ru.
Features of the KEKW malware
KEKW is written in Python. Its system_information() function collects details about the host, including login credentials, the machine name, the Windows version and product key, RAM size, hardware ID (HWID), IP address, location, and Google Maps data for that location.
The malware's clipper component lets the attackers steal funds by watching the clipboard and replacing a copied Bitcoin address with their own, so a victim who pastes an address to make a payment sends the money to the attackers instead. Once the data has been collected, the stealer serialises it as JSON, compresses it into a ZIP archive, and sends it to the attacker-controlled C2 server.
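Because a wheel is just a ZIP archive, the indicators described above (the reported C2 domains, a hard-coded Bitcoin address, and clipboard access) can be checked before a package is ever installed. The following scanner is an added example, not code from the report or from the malware: it opens a .whl in memory, reads every Python source and .pth file inside it, and flags the wheel when it contains one of the reported domains or a Bitcoin-address literal combined with clipboard access. The two sample wheels are constructed here for demonstration; the address in the malicious sample and the clipboard module names are assumptions, not indicators published in the report.

```python
"""Scan Python wheel (.whl) files for the KEKW indicators described in the report.

A wheel is a ZIP archive, so the standard library is enough to inspect it.
The sample wheels below are constructed in memory; nothing is fetched from PyPI.
"""
import io
import re
import zipfile

# Domains named in the report (shown defanged there as kekwltd[.]ru and blackcap[.]ru).
IOC_DOMAINS = ("kekwltd.ru", "blackcap.ru")

# Generic Bitcoin address shapes (legacy base58 and bech32). The report does not
# publish the actor's address, so this is a pattern, not a specific indicator.
BTC_ADDRESS_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")

# A clipper has to read and write the clipboard. These names are an assumption about
# how a Python clipper on Windows would do that; they are not taken from the report.
CLIPPER_HINTS = ("win32clipboard", "pyperclip", "GetClipboardData", "SetClipboardData")


def scan_source(name: str, text: str) -> dict:
    """Return the indicators found in one source file from the wheel."""
    return {
        "file": name,
        "domains": [d for d in IOC_DOMAINS if d in text],
        "btc_addresses": sorted(set(BTC_ADDRESS_RE.findall(text))),
        "clipper_hints": [h for h in CLIPPER_HINTS if h in text],
    }


def scan_wheel(wheel_bytes: bytes) -> dict:
    """Open a wheel as a ZIP and scan every .py and .pth file in it.

    .pth files are included because a .pth line in site-packages runs at every
    interpreter start, a common install-time persistence trick.
    The wheel is flagged when it contains a reported domain, or a Bitcoin-address
    literal together with clipboard access (the clipper combination).
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as whl:
        for name in whl.namelist():
            if not name.endswith((".py", ".pth")):
                continue
            text = whl.read(name).decode("utf-8", errors="replace")
            result = scan_source(name, text)
            if result["domains"] or result["btc_addresses"] or result["clipper_hints"]:
                hits.append(result)
    known_domain = any(h["domains"] for h in hits)
    clipper = any(h["btc_addresses"] and h["clipper_hints"] for h in hits)
    return {"suspicious": known_domain or clipper, "hits": hits}


def build_wheel(files: dict) -> bytes:
    """Build a minimal wheel in memory from {path: source}.

    Constructed test data only; a real wheel also carries RECORD and WHEEL metadata.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as whl:
        for path, src in files.items():
            whl.writestr(path, src)
    return buf.getvalue()


# Constructed samples. The malicious one mimics the described behaviour: a hard-coded
# replacement address, clipboard access, and the reported C2 domain. The address is
# a made-up sample for the demo, not one attributed to the actor.
BENIGN_WHEEL = build_wheel({
    "demo/__init__.py": "def add(a, b):\n    return a + b\n",
    "demo-1.0.dist-info/METADATA": "Name: demo\nVersion: 1.0\n",
})

MALICIOUS_WHEEL = build_wheel({
    "demo/__init__.py": "import win32clipboard\n"
                        "ADDR = '1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2'  # constructed sample address\n"
                        "C2 = 'http://kekwltd.ru/upload'\n",
    "demo-1.0.dist-info/METADATA": "Name: demo\nVersion: 1.0\n",
})

if __name__ == "__main__":
    for label, whl in (("benign", BENIGN_WHEEL), ("malicious", MALICIOUS_WHEEL)):
        print(label, scan_wheel(whl))
```

The domain check is the only high-confidence signal here; a Bitcoin-address literal on its own is common in legitimate wallet or payment libraries, which is why the scanner only treats it as suspicious when clipboard access appears alongside it. Obfuscated packages that decode their strings at runtime will evade a static scan like this, so it belongs in front of a sandboxed install rather than in place of one.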
The group behind the KEKW stealer has started a significant push to distribute it, and malicious Python packages in particular expose organisations to supply chain attacks.
Security teams must therefore stay alert and act quickly to get such packages removed from the repository, which limits the damage these attacks can do. Consumers of PyPI can also reduce their exposure by pinning dependencies with hashes and reviewing unfamiliar packages before they enter a build.