Malicious Python Script with a TCL/TK GUI (Wed, Dec 13th)

One essential behavior of malware is to remain “stealthy” and perform nasty activities below the radar. But sometimes, it can be attractive to interact with the victim to make them more confident and get them to use the script (that’s my guess). I found a malicious Python script that builds a window and displays it to the user. Python can create powerful GUIs with the help of the tkinter[1] library, which adds support for the TCL/TK[2] framework. TCL is an old language that I have not used for a long time. My last experience with TCL was related to scripting on Cisco IOS[3]!

Article Link: https://isc.sans.edu/diary/rss/30478