In mid-April 2015, ESET’s Laboratory in Latin America received a report on an executable program named “Liberty2-0.exe” detected by us as Python/Liberpy.A. It was a keylogger, a threat that undermines the security of a system by reporting all keyboard events (keys the user presses), as well as mouse movements, to a server controlled by the attackers.
The preliminary threat analysis strongly suggested that it had been developed in the region, triggering two fundamental questions: Is there a 1.0 version? What is the scope of this attack?
Based on the name of the threat, we decided to look for indicators related to Liberpy, and found in our records another executable program with virtually the same name, “Liberty1-0.exe”, but detected as Python/Spy.Keylogger.G. The first variant appeared in mid-August 2014, providing important clues about the origins of this campaign, which were later confirmed by statistics and detections.