Operation Liberpy analyzed by ESET

In mid-April 2015, ESET's laboratory staff in Latin America received a report about an executable file, "liberty2-0.exe", detected as Python/Liberpy.A. The threat turned out to be an advanced keylogger that captured not only keystrokes but also mouse movements and clicks. The collected data was sent to a server controlled by the attackers, and after infection the computer was joined to a botnet. Because the file name "liberty2-0.exe" pointed to a second version of the keylogger, the researchers decided to look for data about the previous version and the scope of the attack.

The predecessor of "liberty2-0.exe" was another executable with a matching name, "liberty1-0.exe", which the ESET antivirus engine detected as Python/Spy.Keylogger.G. The first detection of the "liberty1-0.exe" sample, dating from mid-August 2014, provided a lot of useful information about the attack. According to the telemetry of ESET's cloud-based ESET Live Grid system, 98 percent of detections were geolocated in Venezuela. In addition, after decompiling the file, the wording and language of the comments showed that the malware was aimed at users in that country.

The Python/Liberpy.A malware was designed to steal information from infected machines. To accomplish this, the cybercriminals used a Trojan with keylogging functions, distributed in e-mails carrying a malicious attachment posing as a program for tracking the status of courier parcels. Over several months, the cybercriminals managed to infect more than 2,000 computers.

Source: ESET
