Security News > 2023 > January > New stealthy Python RAT malware targets Windows in attacks
A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems.
The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.
TXT files which are eventually renamed to BAT files to accommodate the malware execution.
Upon launch, the malware creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location.
Stealthy PY#RATION RAT. The malware delivered to the target is a Python RAT packed into an executable using automated packers like 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its execution.
The analysts noticed that the threat actors used the same C2 address throughout their campaign, from malware version 1.0 to 1.6.0.
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)