
Windows systems are being targeted by brand-new Python malware

Securonix cybersecurity researchers recently discovered a new Python-based malware that can steal files from affected endpoints and record keystrokes. Since August 2022, the researchers have found multiple versions of the malware, known as PY#RATION, which suggests it is under active development. The malware communicates with its command and control (C2) server over the WebSocket protocol to receive instructions and potentially exfiltrate sensitive data.

According to Securonix, the malware "uses Python's built-in Socket.IO framework, which supports both client and server WebSocket communication with its features." This is the channel the malware uses to receive commands and send data. As the report notes, the advantage of WebSocket is that it lets the malware receive and send data simultaneously over a single TCP connection on commonly used ports.

Numerous features:

The researchers also noted that the attackers used the same C2 address throughout. They assume PY#RATION went undetected for months because the IPVoid checking service has yet to block the address. PY#RATION's features include network enumeration, file transfer to and from the C2, keylogging, shell command execution, host enumeration, cookie exfiltration, browser password exfiltration, and clipboard data theft.

The attackers distribute the malware via traditional phishing emails. The email contains a password-protected .ZIP archive. When unpacked, it contains two shortcut files designed to resemble image files: front.jpg.lnk and back.jpg.lnk. The "front" and "back" in the file names refer to the front and back of a fake driver's license. If the victim clicks the shortcuts, the files front.txt and back.txt are downloaded from the internet, renamed, and run as .bat files. To discourage its removal from the system, the malware attempts to disguise itself as Microsoft's virtual assistant Cortana.
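One defensive check a mail gateway or sandbox can apply to the lure described above is to list the members of an incoming ZIP and flag Windows shortcuts that carry a decoy extension such as "front.jpg.lnk". The following is an added example (not code from Securonix or the article); the archive it inspects is constructed inline to mimic the described layout, and the decoy-extension list is an assumption.

```python
import io
import re
import zipfile

# Extensions that attackers commonly place before ".lnk" so the file looks harmless
# (assumed list; extend to match your environment).
DECOY_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "doc", "docx"}

# Matches names such as "front.jpg.lnk": a short extension immediately followed by .lnk
DOUBLE_EXT_LNK = re.compile(r"\.([A-Za-z0-9]{1,5})\.lnk$", re.IGNORECASE)


def disguised_shortcuts(names):
    """Return archive member names that are .lnk files posing as another file type."""
    flagged = []
    for name in names:
        base = name.rsplit("/", 1)[-1]  # ignore any directory prefix inside the archive
        m = DOUBLE_EXT_LNK.search(base)
        if m and m.group(1).lower() in DECOY_EXTENSIONS:
            flagged.append(name)
    return flagged


def inspect_zip(data):
    """List members of a ZIP without extracting them, then flag disguised shortcuts.

    Member names live in the central directory in cleartext, so a password-protected
    archive can still be listed; the password is only needed to read contents.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [info.filename for info in zf.infolist() if not info.is_dir()]
    return disguised_shortcuts(names)


def build_sample_archive():
    """Constructed sample mimicking the lure layout (placeholder bytes, not real shortcuts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("front.jpg.lnk", b"placeholder shortcut bytes")
        zf.writestr("back.jpg.lnk", b"placeholder shortcut bytes")
        zf.writestr("readme.txt", b"harmless text")
        zf.writestr("photos/holiday.jpg", b"\xff\xd8\xff")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in inspect_zip(build_sample_archive()):
        print("disguised shortcut:", hit)
```

Because only the central directory is read, the check works before any password is supplied and never executes or extracts the members.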

By Raulf Hernes
