Researchers at ThreatMetrix Labs have come across a new variant of the peer-to-peer (P2P) version of the notorious Zeus trojan. It differs from previous iterations in the way its configuration file is encrypted – rendering all automatic methods useless in detecting the trojan. "The configuration file we analyzed showed a great sophistication in what it injects into the various websites [visited on infected machines]," Andreas Baumhof, CTO at ThreatMetrix, told SCMagazine.com this week in an email. "Through social engineering and genuine 'offers,' they try to lure people into believing [the page] is legitimate [so they give up their personal information]."
Malicious updates have been recently issued to the Python Package Index package "django-log-tracker," which was last modified in April 2022, to facilitate the distribution of the Nova Sentinel information-stealing malware, The Hacker News reports.