Security News > 2023 > January > New stealthy Python RAT malware targets Windows in attacks
A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems.
The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.
TXT files which are eventually renamed to BAT files to accommodate the malware execution.
Upon launch, the malware creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location.
Stealthy PY#RATION RAT. The malware delivered to the target is a Python RAT packed into an executable using automated packers like 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its execution.
The analysts noticed that the threat actors used the same C2 address throughout their campaign, from malware version 1.0 to 1.6.0.
News URL
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)