Well-Established Cybercriminal Ecosystem Blooming in Iraq

Published : 23/11/2024   Category : security




A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.



A sprawling criminal network has emerged in Iraq, linked to a Telegram bot that dates back to 2022 and contains more than 90,000 messages, mostly in Arabic.
According to researchers at Checkmarx, the bot is the key to a larger, sophisticated cybercriminal ecosystem, including a thriving underground marketplace offering social media manipulation services and financial theft tools, and a suite of malicious PyPI packages that exfiltrate user data.
A series of malicious, Arabic-language Python packages recently surfaced on the Python code repository PyPI, according to Checkmarx, uploaded by a user named dsfsdfds. Upon further examination, the researchers found them to contain a malicious script that was exfiltrating sensitive user data to a Telegram bot chat.
"The malicious script … begins by scanning the user's file system, focusing on two specific locations: the root folder and the DCIM folder," according to the report, released today. "During this scanning process, the script searches for files with extensions such as .py, .php, and .zip files, as well as photos with .png, .jpg, and .jpeg extensions."
The packages also contained a hardcoded Telegram ID and token, which Checkmarx researchers used to gain direct access to the attacker's Telegram bot, where they discovered a significant history of activity, with records dating back to at least 2022, long before the malicious packages were released on PyPI.
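The behaviour described above (file harvesting over the DCIM folder and the listed extensions, combined with a hardcoded Telegram bot credential) can be screened for statically in an unpacked package before install. The following is an added example, not code from Checkmarx or from the packages; the token pattern is the commonly observed Telegram bot token shape, and the sample strings and the `/sdcard/DCIM` path are constructed assumptions.

```python
import re
from pathlib import Path

# Commonly observed Telegram bot token shape: <numeric bot id>:<35-char secret>.
TOKEN_RE = re.compile(r"(?<![\w-])\d{8,10}:[A-Za-z0-9_-]{35}(?![\w-])")
ENDPOINT_RE = re.compile(r"api\.telegram\.org/bot", re.I)
WALK_RE = re.compile(r"\bos\.(walk|listdir|scandir)\b|\bglob\.(glob|iglob)\b|\.rglob\(")
# Targets named in the report: the DCIM folder and these extensions.
TARGET_RE = re.compile(r"DCIM|['\"]\.(py|php|zip|png|jpe?g)['\"]", re.I)


def scan_source(text):
    """Return the set of indicator names present in one Python source string."""
    hits = set()
    if TOKEN_RE.search(text):
        hits.add("hardcoded_bot_token")
    if ENDPOINT_RE.search(text):
        hits.add("telegram_bot_api")
    if WALK_RE.search(text) and TARGET_RE.search(text):
        hits.add("file_harvest")
    return hits


def is_exfil_suspect(hits):
    """Flag only the combination: file harvesting plus a Telegram channel."""
    return "file_harvest" in hits and bool(hits & {"hardcoded_bot_token", "telegram_bot_api"})


def scan_tree(root):
    """Scan every .py file under an unpacked package; map path -> indicators."""
    report = {}
    for path in Path(root).rglob("*.py"):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed samples (not taken from the real packages; the token is fake).
FAKE_TOKEN = "1234567890:" + "A" * 35
SUSPECT = (
    'import os\n'
    f'TOKEN = "{FAKE_TOKEN}"\n'
    'URL = "https://api.telegram.org/bot" + TOKEN + "/sendDocument"\n'
    'for d, _, files in os.walk("/sdcard/DCIM"):\n'
    '    wanted = [f for f in files if f.endswith((".png", ".jpg", ".py"))]\n'
)
BENIGN = 'import os\nfor p in os.listdir("."):\n    print(p)\n'
if __name__ == "__main__":
    print(sorted(scan_source(SUSPECT)), is_exfil_suspect(scan_source(SUSPECT)))
```

A Telegram endpoint or a directory walk alone is common in legitimate code, which is why `is_exfil_suspect` requires both before flagging a file for manual review.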
Ultimately, the 90,000 messages pointed to an origin in Iraq, with ties to many other bots to boot. In all, it's clear that Iraq is home to a heretofore unknown, thriving cybercriminal enterprise with a raft of illicit services on offer.
"The discovery of the malicious Python packages on PyPI and the subsequent investigation into the Telegram bot have shed light on a sophisticated and widespread cybercriminal operation," the report concluded. "What initially appeared to be an isolated incident of malicious packages turned out to be just the tip of the iceberg, revealing a well-established criminal ecosystem based in Iraq."
The discovery underscores the role that open source software continues to play when it comes to providing an attack vector for compromising enterprise information, the researchers noted, adding that they plan to release further details on the Iraq underground discovery in the coming months.
"As the fight against malicious actors in the open-source ecosystem persists, collaboration and information sharing among the security community will be critical in identifying and thwarting these attacks," they said. "Through collective effort and proactive measures, we can work towards a safer and more secure open-source ecosystem for all."
