A recent warning from Palo Alto Networks reports the discovery of a malware family called “PWOBot.” Infections with PWOBot began appearing in multiple European organizations during mid-to-late 2015; however, there are records of attacks dating from 2013.

The security firm explained in a blog post that the threat spends most of its time attacking the Windows operating system, particularly in Poland, but is undergoing changes that transcend both geographic area and operating system.

“The malware itself provides a wealth of functionality, including the ability to download and execute files, execute Python code, log keystrokes, spawn an HTTP server, and mine bitcoins via the victim’s CPUs and GPUs.”

All infections occurred after company employees downloaded files from a Polish hosting service (chomikuj.pl).

How the malware infects its victims is not exactly clear. The file names could be one of the reasons: users may have downloaded the malware thinking they were downloading other software. It is also possible that phishing attacks are carried out to lure victims into downloading the files.

All outbound traffic is tunneled through Tor and uses encryption to avoid detection by security products.

“PWOBot” is built in modular form, so the attacker can embed different modules at runtime. Because the malware is developed in Python, it could easily be ported to other operating systems, such as Linux or OS X. This fact, combined with the modular design, makes “PWOBot” a potentially significant threat.

Sources: theinquirer, paloaltonetworks
