Security News > 2023 > January > New stealthy Python RAT malware targets Windows in attacks

A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems.
The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.
TXT files which are eventually renamed to BAT files to accommodate the malware execution.
Upon launch, the malware creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location.
Stealthy PY#RATION RAT. The malware delivered to the target is a Python RAT packed into an executable using automated packers like 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its execution.
The analysts noticed that the threat actors used the same C2 address throughout their campaign, from malware version 1.0 to 1.6.0.
News URL
Related news
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Crypto Developers Targeted by Python Malware Disguised as Coding Challenges (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- New Android malware steals your credit cards for NFC relay attacks (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (source)