Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection
gbhackers
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner.
This malware leverages the PyBitmessage library, a Python implementation of the Bitmessage protocol, to establish covert peer-to-peer (P2P) communications.
Instead of the HTTP or direct-IP channels most backdoors use, PyBitmessage encrypts every message to the recipient's key and floods it through a decentralized peer-to-peer network that hides both sender and receiver, so there is no central C2 server to trace.
This approach not only makes detection harder for antivirus and network security products but also lets the malicious traffic blend in with that of legitimate users of the Bitmessage network.
By abusing a protocol built for privacy and decentralization, the threat actors have a stealthy channel for issuing command-and-control (C2) instructions, one that security tools struggle to flag as malicious.
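What a network sensor can still key on is the Bitmessage wire framing itself, which is public: every message starts with the 4-byte magic 0xE9BEB4D9, a 12-byte NUL-padded ASCII command, a big-endian 32-bit payload length, and the first 4 bytes of the SHA-512 of the payload (peers default to TCP port 8444). The following parser and stream scanner is an added example for this page, not code from the article, from ASEC, or from the PyBitmessage project; the sample stream, the helper names and the hypothetical HTTP prefix are constructed for illustration. Note the caveat the article implies: this identifies Bitmessage traffic, not the malware, because the payload is encrypted to the recipient's key and looks the same whether the operator is a backdoor or a legitimate user.

```python
import hashlib
import struct

# Constants from the public Bitmessage protocol specification.
BITMESSAGE_MAGIC = b"\xe9\xbe\xb4\xd9"
BITMESSAGE_DEFAULT_PORT = 8444
HEADER_LEN = 24  # 4 magic + 12 command + 4 length + 4 checksum


def build_message(command: bytes, payload: bytes) -> bytes:
    """Frame a payload the way the Bitmessage wire protocol does.

    Used here only to construct test input; a real peer would produce the
    same bytes for the same command and payload.
    """
    if len(command) > 12:
        raise ValueError("command must be at most 12 bytes")
    checksum = hashlib.sha512(payload).digest()[:4]
    return (BITMESSAGE_MAGIC
            + command.ljust(12, b"\x00")
            + struct.pack(">I", len(payload))
            + checksum
            + payload)


def parse_message(data: bytes):
    """Parse one Bitmessage frame at the start of data.

    Returns a dict with command, length and payload, or None if the bytes
    are not a complete, checksum-valid frame (e.g. a chance occurrence of
    the magic bytes inside unrelated traffic, or a truncated capture).
    """
    if len(data) < HEADER_LEN:
        return None
    magic, command, length, checksum = struct.unpack(">4s12sI4s", data[:HEADER_LEN])
    if magic != BITMESSAGE_MAGIC:
        return None
    payload = data[HEADER_LEN:HEADER_LEN + length]
    if len(payload) != length:
        return None  # truncated frame
    if hashlib.sha512(payload).digest()[:4] != checksum:
        return None  # magic collision or corrupted frame
    return {
        "command": command.rstrip(b"\x00").decode("ascii", "replace"),
        "length": length,
        "payload": payload,
    }


def scan_stream(data: bytes):
    """Scan a reassembled TCP stream for valid Bitmessage frames.

    Returns a list of (offset, command, payload_length) tuples. Every
    occurrence of the magic bytes is tried; only frames whose length and
    checksum check out are reported, which keeps false positives from
    random binary data low.
    """
    hits = []
    i = 0
    while True:
        i = data.find(BITMESSAGE_MAGIC, i)
        if i == -1:
            break
        msg = parse_message(data[i:])
        if msg is None:
            i += 1
            continue
        hits.append((i, msg["command"], msg["length"]))
        i += HEADER_LEN + msg["length"]
    return hits


# Constructed sample: an unrelated HTTP request (hypothetical host), followed by
# a Bitmessage "version" and "verack" handshake and a trailing fragment that
# carries the magic but is too short to be a frame.
HTTP_PREFIX = b"GET /index.html HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
SAMPLE_STREAM = (
    HTTP_PREFIX
    + build_message(b"version", b"\x00\x00\x00\x03" + b"\x00" * 8)
    + build_message(b"verack", b"")
    + BITMESSAGE_MAGIC + b"\x00" * 8
)

if __name__ == "__main__":
    for offset, command, length in scan_stream(SAMPLE_STREAM):
        print(f"offset={offset} command={command} payload_len={length}")
```

In practice this logic would sit behind a TCP reassembler (or be expressed as a Suricata/Zeek signature on the magic bytes plus port 8444), and a hit is a lead to correlate with process and host data rather than a verdict on its own.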

Backdoor Malware Linked to Monero Mining
The malware’s operation begins with the decryption of encrypted resources stored within its top-level file using ...
Copyright of this story solely belongs to gbhackers.