Pyloose

Malware updated 4 months ago (2024-05-04T19:19:17.149Z)

Download STIX

Preview STIX

In July, Wiz researchers issued a warning about PyLoose, a malicious software (malware) composed of Python code. This malware is designed to covertly load an XMRig miner—a program used for cryptocurrency mining—into a computer's memory using the memfd Linux fileless process. This technique allows the malware to operate without leaving traces on the hard drive, making it particularly challenging to detect and remove. The name "PyLoose" originates from the URL that hosted the Python loader: https://paste[.]c-net.org/chattingloosened. The PyLoose attack was discovered through the Wiz Runtime Sensor and unfolded in several stages, with initial access gained through an exposed Jupyter Notebook service that failed to restrict the execution of system commands. Once inside the system, the fairly simple Python script holds a compressed and encoded precompiled XMRig miner. This marked the first reported fileless attack on cloud workloads since one detected by AT&T two and a half years prior. To mitigate threats like PyLoose, security professionals are advised to take several precautionary measures. One such measure is to avoid public exposure to services like Jupyter Notebook, which was exploited in this attack. By limiting access and restricting the execution of system commands, potential entry points for similar attacks can be significantly reduced.

Description last updated: 2024-05-04T18:32:44.511Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Xmrig Miner	2	XMRig miner is a type of malware that exploits computer systems to mine cryptocurrency. The malicious software infiltrates the system through deceptive downloads, emails, or websites and then installs legitimate applications such as the I2P tooling and XMRig miner. The dropper, a component of the ma

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Linux

Malware

Python

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Pyloose Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Leftover Links 14/07/2023: Microsoft in Trouble With the FTC Again, This Time Over 'Open' 'AI'
CERT-EU	a year ago	In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks
DARKReading	10 months ago	'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
CERT-EU	a year ago	Meet PyLoose – First Python-Based Fileless Attack in the Wild