The malware called PWOBot has already infected a number of Europe-based organisations, particularly in Poland, according to new research. Distribution routes include the Polish file-sharing web service chomikuj.pl. Victims include a Polish national research institution, a Polish shipping company, a large Polish retailer, a Polish information technology organisation, a Danish building company and a French optical equipment provider.
According to security researchers at Palo Alto Networks, the malware itself provides a wealth of functionality, including the ability to download and execute files, execute Python code, log keystrokes, spawn a HTTP server, and mine Bitcoins via the victim’s CPUs and GPUs.
The underlying code is cross-platform, so the malware might easily be ported over to the Linux and OS X operating systems. That fact, coupled with a modular design, makes PWOBot a potentially significant threat.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now