Attacker Unleashes Stealthy Crypto Mining via Malicious Python Package


The first thing “culturestreak” does is decode a number of Base64-encoded strings. This form of obfuscation is commonly used to hide sensitive values or to make the purpose of the code harder to work out. It decodes variables such as HOST, CONFIG, and FILE so they can be used later in the process. This is the script’s first act of deception, a prelude to its more damaging behaviour.

The malicious code then sets the FILE variable to a random integer between 1 and 999999 and uses that value as the filename of the downloaded malware. Because the file never carries a fixed name, antivirus or other security software that identifies malicious files by known naming conventions may be hindered.
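The two tells described above (Base64-obfuscated configuration strings and a randomised filename) can be picked up by a simple static triage pass over a package's source before it is installed. The following is an added example written for this page, not code from the article or from the malicious package; the sample source it scans is constructed inline, and the hostnames in it are placeholders, not indicators from the incident. The `looks_like_dropper` threshold is an assumption chosen for the demonstration.

```python
"""Static triage of Python source for Base64-obfuscated strings and
randomised filenames (added example; sample input is constructed)."""
import ast
import base64
import binascii
import re
import string

_B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
_PRINTABLE = set(string.printable)


def try_decode(literal: str):
    """Return decoded text if `literal` is valid Base64 for printable ASCII, else None."""
    if len(literal) % 4 or not _B64_RE.match(literal):
        return None
    try:
        text = base64.b64decode(literal, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and all(c in _PRINTABLE for c in text) else None


def _callee(node):
    """Dotted callee name of an ast.Call, e.g. 'base64.b64decode'; '' otherwise."""
    if not isinstance(node, ast.Call):
        return ""
    parts, f = [], node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
    return ".".join(reversed(parts))


def _b64decode_arg(node):
    """Return the string-literal AST node passed to b64decode(...), also when it is
    written as b64decode(...).decode(...); None if the expression is not that shape."""
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "decode" and isinstance(node.func.value, ast.Call)):
        node = node.func.value  # strip the trailing .decode(...)
    if _callee(node) in ("base64.b64decode", "b64decode") and node.args:
        arg = node.args[0]
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            return arg
    return None


def scan_source(src: str) -> dict:
    """Report Base64-decoded assignments, stray Base64 literals and randint calls."""
    tree = ast.parse(src)
    report = {"decoded_assignments": {}, "other_base64_literals": [], "random_ints": []}
    consumed = set()  # literal nodes already explained by an assignment
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign):
            arg = _b64decode_arg(node.value)
            if arg is not None:
                consumed.add(id(arg))
                for tgt in node.targets:
                    if isinstance(tgt, ast.Name):
                        report["decoded_assignments"][tgt.id] = try_decode(arg.value)
        elif isinstance(node, ast.Call) and _callee(node) in ("random.randint", "randint"):
            vals = [a.value if isinstance(a, ast.Constant) else None for a in node.args[:2]]
            vals += [None] * (2 - len(vals))
            report["random_ints"].append({"line": node.lineno, "lo": vals[0], "hi": vals[1]})
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str) and id(node) not in consumed:
            text = try_decode(node.value)
            if text is not None:
                report["other_base64_literals"].append({"line": node.lineno, "text": text})
    return report


def looks_like_dropper(report: dict) -> bool:
    """Heuristic (assumed threshold): obfuscated strings plus a wide randint range,
    the combination the article describes for the decoded config and random FILE name."""
    has_obfuscated = bool(report["decoded_assignments"] or report["other_base64_literals"])
    wide_random = any(r["lo"] is not None and r["hi"] is not None and r["hi"] - r["lo"] >= 10_000
                      for r in report["random_ints"])
    return has_obfuscated and wide_random


def build_sample() -> str:
    """Constructed sample mimicking the HOST/CONFIG/FILE pattern; hosts are placeholders."""
    host = base64.b64encode(b"http://example.invalid").decode()
    cfg = base64.b64encode(b"pool=placeholder.invalid:3333").decode()
    return (
        "import base64, random\n"
        f'HOST = base64.b64decode("{host}").decode()\n'
        f'CONFIG = base64.b64decode("{cfg}").decode()\n'
        "FILE = str(random.randint(1, 999999))\n"
    )


if __name__ == "__main__":
    result = scan_source(build_sample())
    print(result)
    print("dropper-like:", looks_like_dropper(result))
```

Run it against a package's `setup.py` or module files by passing their contents to `scan_source`; the decoded values let a reviewer see at a glance what hosts or configuration a string hides, and the randint entries point at where a non-deterministic filename is generated.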
