Security News > 2023 > March > Python info-stealing malware uses Unicode to evade detection
A malicious Python package on PyPI uses Unicode as an obfuscation technique to evade detection while stealing and exfiltrating developers' account credentials and other sensitive data from compromised devices.
The malicious package, named "Onyxproxy," uses a combination of different Unicode fonts in the source code to help it bypass automated scans and defenses that identify potentially malicious functions based on string matching.
Python's support for using Unicode characters for identifiers, i.e., code variables, functions, classes, modules, and other objects, allows coders to create identifiers that appear identical yet point to different functions.
Python's Unicode support can be easily abused to hide malicious string matches, making code appear innocuous while still performing malicious behavior.
While this obfuscation method isn't particularly sophisticated, it is worrying to see it employed in the wild and might be a sign of broader abuse of Unicode for Python obfuscation.
The risks of Unicode in Python have been extensively discussed in the Python development community in the past.