PY#RATION: New Python-based RAT Uses WebSocket for C2 and Data Exfiltration
2023-01-26 06:01

Cybersecurity researchers have unearthed a new attack campaign that has leveraged a Python-based remote access trojan to gain control over compromised systems since at least August 2022.

LNK files retrieve two text files from a remote server that are subsequently renamed to.

The choice of using Cortana, Microsoft's virtual assistant, indicates an attempt to pass off the malware as a system file.

Other noteworthy functionalities comprise the ability to transfer files from host to C2 or vice versa, record keystrokes, execute system commands, extract passwords and cookies from web browsers, capture clipboard data, and check for the presence of antivirus software.

What's more, PY#RATION functions as a pathway for deploying more malware, which consists of another Python-based info-stealer designed to siphon data from web browsers and cryptocurrency wallets.

"The PY#RATION malware is not only relatively difficult to detect, the fact that it is a Python compiled binary makes this extremely flexible as it will run on almost any target including Windows, OSX, and Linux variants," researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said.


News URL

https://thehackernews.com/2023/01/pyration-new-python-based-rat-utilizes.html