New stealthy Python RAT malware targets Windows in attacks (Security News, January 2023)

A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems.
The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.
TXT files which are eventually renamed to BAT files to accommodate the malware execution.
Upon launch, the malware creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location.
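
A hunting check for the staging behaviour described above, written as an added example (not code from the report or its authors). It flags Sysmon process-creation (Event ID 1) and file-creation (Event ID 11) records whose path sits in a 'Cortana' or 'Cortana/Setup' directory directly under a folder named Temp. It assumes the user's temporary directory has a path component called "Temp"; the event dictionaries and file names are constructed samples.

```python
from pathlib import PureWindowsPath

# Sysmon field that carries the path of interest, per event ID
# (1 = process creation, 11 = file creation).
PATH_FIELD = {1: "Image", 11: "TargetFilename"}


def staging_dir(path):
    """Return 'Cortana' or 'Cortana/Setup' when the path lies in that
    directory directly under a folder named Temp, otherwise None."""
    # PureWindowsPath splits on both '\\' and '/'; lower() makes it case-blind.
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    for i, part in enumerate(parts[:-1]):
        if part == "temp" and parts[i + 1] == "cortana":
            return "Cortana/Setup" if parts[i + 2:i + 3] == ["setup"] else "Cortana"
    return None


def hunt(events):
    """Return (event_id, staging_dir, path) for every matching event."""
    hits = []
    for ev in events:
        field = PATH_FIELD.get(ev.get("EventID"))
        path = ev.get(field, "") if field else ""
        where = staging_dir(path)
        if where:
            hits.append((ev["EventID"], where, path))
    return hits


# Constructed sample events; user and file names are placeholders.
SAMPLE_EVENTS = [
    # Legitimate Cortana package path: same name, but not under Temp.
    {"EventID": 1, "Image": r"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"},
    # File written into the staging directory.
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\Cortana\Setup\example.exe"},
    # Same location, different case and separators, now executing.
    {"EventID": 1, "Image": "c:/users/alice/appdata/local/temp/cortana/setup/example.exe"},
    # File directly in the parent 'Cortana' directory.
    {"EventID": 11, "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\Cortana\example.zip"},
    # Ordinary installer running from Temp: not flagged.
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

Anchoring on the Temp parent is what separates this from the legitimate Cortana package, which lives under the Windows system directories; a redirected TEMP variable would need the match adjusted.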
Stealthy PY#RATION RAT
The malware delivered to the target is a Python RAT packed into an executable using automated packers like 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its execution.
The analysts noticed that the threat actors used the same C2 address throughout their campaign, from malware version 1.0 to 1.6.0.