Home / Companies / JFrog / Blog / Post Details
Content Deep Dive

New .NET Malware “WhiteSnake” Targets Python Developers, Uses Tor for C&C Communication

Blog post from JFrog

Post Details
Company
Date Published
Author
Andrey Polkovnychenko, Security Researcher
Word Count
3,139
Company Posts That Month
6
Language
English
Hacker News Points
-
Summary

The JFrog Security Research team uncovered a new malware payload in the PyPI repository, notable for its C# composition, which is unusual for a primarily Python-focused platform. This discovery highlighted the potential for cross-language malware attacks, with 22 malicious packages identified, designed to target both Windows and Linux systems by executing different payloads based on the operating system. The Windows payload is a variant of the WhiteSnake malware capable of anti-debugging, communication with a command and control server via Tor, and data theft, while the Linux payload is a simpler Python script aimed at stealing information and sending it to a Telegram chat. The JFrog team uses automated tools to monitor open-source software repositories and alerts maintainers and the community to vulnerabilities and threats, updating their database to protect clients against such malicious campaigns.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 1 567 76 50 -21%
Serverless 1 518 98 52 -42%