When the bundled application is launched, a bootloader is spun up and those dependencies are unpacked into a temporary folder and called as needed. Rather, it bundles all the libraries and other components the Python code requires into. Because Python is a scripting language, PyInstaller does not compile the code in the traditional sense. The issue lies in how PyInstaller turns Python code into executables. "This kind of bias implies that AVs were not scanning the packages that PyInstaller produces properly, but due to the wide use of Python, we did not expect the reason being the Python bytecode." "From the very beginning we knew that something quite wrong was happening as all applications were flagged as malicious," Patsakis explained. The extent of the issue, however, was never really understood. In many cases, apps based on Python produce false positives. Patsakis told SearchSecurity that the team went into the research knowing that antivirus engines already have a problem properly handling Python applications. "As we prove, the problem is deeper and inherent in almost all antivirus engines and not PyInstaller specific." "Interestingly, our approach to generating the malicious executables is not based on introducing a new packer but on the augmentation of the capabilities of an existing and widely used tool for packaging Python, PyInstaller but can be used for all similar packaging tools," wrote Vasilios Koutsokostas and Constantinos Patsakis in the research paper, which was published this week. This means that, rather than spend the extensive time and money required to obfuscate code and create an untraceable malware packer from scratch, cybercriminals would be able to take advantage of the most popular Python application builder to create packers that are not caught in scans.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |