TRENDING:

Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Fresh Python-Based Trojan Designed as Information Stealer

Researchers: 'PyMicropsia' Malware Targets Outlook, Web Browsers Akshaya Asokan (asokan_akshaya) • December 15, 2020    
Fresh Python-Based Trojan Designed as Information Stealer
Diagram shows how the PyMicropsia Trojan steals data. (Source: Palo Alto Networks)

A new Python-based information-stealing Trojan dubbed "PyMicropsia" is linked to a hacking group called AridViper, which is active mainly in the Middle East, according to Palo Alto Networks' Unit 42.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The PyMicropsia malware has the potential to target Microsoft Windows devices and can exfiltrate data and information from the victim's web browser as well as Outlook, the report notes. The malware is also capable of taking screenshots, recording audio and killing running programs, the researchers say

PyMicropsia is linked to another Windows malware variant called Micropsia, which has been active in the Middle Eastern region since 2016, according to the Unit 42 report. The researchers also note both PyMicropsia and Micropsia are linked to the malware family deployed by the AridViper hacking group - also known as Desert Falcon or APT-C-23 - which has been conducting cyberespionage campaigns in the Middle East since 2015.

Targeting Victims

While the PyMicropsia Trojan is still under development, the Unit 42 researchers note that its operators are likely using spear-phishing emails to deliver the malware to potential victims or tricking targets into visiting websites that host the malicious code.

Once PyMicropsia is delivered to a targeted device, it appears as a Windows executable by using by PyInstaller - code that converts applications into stand-alone executables, according to the report.

In addition to its data-stealing features, the malware also uses built-in Python libraries, PyAudio for audio stealing and managed security services to take screenshots, the report adds.

Although the malware extensively uses Python features, the researchers note many of the malicious software's capabilities remain unused, which is considered a sign that its operators are still developing the malware and adding capabilities.

Other Targets

PyMicropsia has been mainly designed to target Windows devices, but the researchers note the malware also contains code that checks if the device is running other operating systems that use POSIX, a standard that allows for interoperability between operating systems, or Darwin, which is a Unix-like OS.

"This is an interesting finding, as we have not witnessed AridViper targeting these operating systems before and this could represent a new area the actor is starting to explore," the Unit 42 report notes.

In September, the security firm ESET uncovered Android spyware used by AridViper for reading notifications from messaging apps and recording calls and screens. The attackers were spreading this malware as an Android app, the report said.

In February, Israeli security firm Check Point revealed that the Palestinian group Hamas used AridViper malware disguised as dating apps to target soldiers in the Israel Defense Forces.

Previous
COVID-19: 'The Whole Country Is on Fire'
Next
SolarWinds Breach: 'The Scale, the Scope, the Subtlety'

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



Around the Network

Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.