Pyloose

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
In July, Wiz researchers issued a warning about PyLoose, a malicious software (malware) composed of Python code. This malware is designed to covertly load an XMRig miner—a program used for cryptocurrency mining—into a computer's memory using the memfd Linux fileless process. This technique allows the malware to operate without leaving traces on the hard drive, making it particularly challenging to detect and remove. The name "PyLoose" originates from the URL that hosted the Python loader: https://paste[.]c-net.org/chattingloosened. The PyLoose attack was discovered through the Wiz Runtime Sensor and unfolded in several stages, with initial access gained through an exposed Jupyter Notebook service that failed to restrict the execution of system commands. Once inside the system, the fairly simple Python script holds a compressed and encoded precompiled XMRig miner. This marked the first reported fileless attack on cloud workloads since one detected by AT&T two and a half years prior. To mitigate threats like PyLoose, security professionals are advised to take several precautionary measures. One such measure is to avoid public exposure to services like Jupyter Notebook, which was exploited in this attack. By limiting access and restricting the execution of system commands, potential entry points for similar attacks can be significantly reduced.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Xmrig Miner
2
The XMRig miner is a malware that uses a complex process to infect systems and exploit them for mining operations. It begins with a dropper, which installs and executes the I2P tooling and the XMRig miner itself. The dropper then utilizes I2P to download a custom XMRig miner and manages the mining o
Jupyter
1
Jupyter, also known as SolarMarker, Yellow Cockatoo, and Jupyter Infostealer, is a malware that has been steadily evolving since 2020. This malicious software targets sectors such as education, healthcare, and small to medium-sized enterprises (SMEs). It is designed to exploit and damage computer sy
Xmrig
1
XMRig is a type of malware that is particularly harmful to computer systems and devices. It infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Python
Linux
Microsoft
Payload
Loader
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Pyloose Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Leftover Links 14/07/2023: Microsoft in Trouble With the FTC Again, This Time Over 'Open' 'AI'
CERT-EU
a year ago
In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks
DARKReading
8 months ago
'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines
CERT-EU
a year ago
Meet PyLoose – First Python-Based Fileless Attack in the Wild