Security News > 2023 > January > New stealthy Python RAT malware targets Windows in attacks
A new Python-based malware has been spotted in the wild featuring remote access trojan capabilities to give its operators control over the breached systems.
The PY#RATION malware is distributed via a phishing campaign that uses password-protected ZIP file attachments containing two shortcut.
TXT files which are eventually renamed to BAT files to accommodate the malware execution.
Upon launch, the malware creates the 'Cortana' and 'Cortana/Setup' directories in the user's temporary directory and then downloads, unpacks, and runs additional executable files from that location.
Stealthy PY#RATION RAT. The malware delivered to the target is a Python RAT packed into an executable using automated packers like 'pyinstaller' and 'py2exe,' which can convert Python code into Windows executables that include all the libraries required for its execution.
The analysts noticed that the threat actors used the same C2 address throughout their campaign, from malware version 1.0 to 1.6.0.
News URL
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)