Operation Liberpy: Keyloggers and information theft in Latin America

ESET Ireland

In mid-April 2015, ESET’s Laboratory in Latin America received a report on an executable program named “Liberty2-0.exe” detected by us as Python/Liberpy.A. It was a keylogger, a threat that undermines the security of a system by reporting all keyboard events (keys the user presses), as well as mouse movements, to a server controlled by the attackers.

The preliminary threat analysis strongly suggested that it had been developed in the region, triggering two fundamental questions: Is there a 1.0 version? What is the scope of this attack?

Based on the name of the threat, we decided to look for indicators related to Liberpy, and found in our records another executable program with virtually the same name, “Liberty1-0.exe”, but detected as Python/Spy.Keylogger.G. The first variant appeared in mid-August 2014, providing important clues about the origins of this campaign, which were later confirmed by statistics and detections.

According to
