.. /.Pyo

Executable
Script
External

Author:

mr.d0x

Description:

PYO are Compiled Python script files. By default Python is not installed on Windows. Usually, once Python is installed, .pyo files are executed via the Python interpreter upon being double clicked.

OS:

Windows
Mac
Linux

Recommendation:

Block the execution of PYO files. Whitelist users/groups when required.

Resources:

https://www.cyborgsecurity.com/cyborg_labs/python-malware-on-the-rise/

File Samples:

Contributions: