Latest Malware May Soon Attack Linux, Mac Operating System

According to the report, a recently discovered Windows info-stealing malware linked to an active group tracked as AridViper might also be used to infect the Linux and Mac operating systems.

The Trojan, named PyMICROPSIA by Unit 42, was exposed while investigating the activity of AridViper, a group also tracked as Desert Falcon and APT-C-23: an organization of Arabic-speaking cyberspies that has focused its attacks on Middle Eastern targets since at least 2011.

AridViper operates mainly out of Palestine, Egypt and Turkey, and according to the Global Research and Analysis Team [PDF] the number of victims it compromised exceeded 3,000 in 2015.

New Attack Vectors Initiate within the Code:

  • PyMICROPSIA is a Python-based malware that specifically targets the Windows operating system; the cybercriminals deliver it as a binary generated with PyInstaller. Unit 42 has also discovered code snippets suggesting its authors are potentially working on adding multi-platform support.
  • It is mainly designed to target Windows, but, as Unit 42 notes, the code contains interesting snippets checking for other operating systems such as ‘posix’ or ‘darwin’.
  • These may have been introduced by the malware’s developers while copy-pasting code from other projects and could very well be removed in future versions of PyMICROPSIA.
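Because the Trojan ships as a PyInstaller-generated binary, a defender triaging a suspicious Windows executable can check for PyInstaller's archive "cookie" before deeper analysis. The script below is an added example, not code from Unit 42 or from the malware; it parses the cookie layout that PyInstaller writes into its bundles and runs on a constructed sample, not a real malware file.

```python
import struct
from typing import Optional

# Magic bytes opening PyInstaller's CArchive "cookie", present in every
# PyInstaller-built executable (taken from PyInstaller's own archive format).
PYINSTALLER_MAGIC = b"MEI\014\013\012\013\016"
# Cookie layout used by PyInstaller 2.1 and later: magic, package length,
# table-of-contents offset and length, Python version, embedded DLL name.
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def parse_pyinstaller_cookie(data: bytes) -> Optional[dict]:
    """Return the cookie fields if `data` carries a PyInstaller archive, else None."""
    pos = data.rfind(PYINSTALLER_MAGIC)  # the cookie sits near the end of the file
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(
        COOKIE_FORMAT, data[pos:pos + COOKIE_SIZE]
    )
    # The version is encoded as 27/37 (older builds) or 307/308 (PyInstaller 4+).
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    return {
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def is_pyinstaller_binary(path: str) -> bool:
    """Triage helper: True if the file on disk contains a PyInstaller cookie."""
    with open(path, "rb") as f:
        return parse_pyinstaller_cookie(f.read()) is not None


def build_sample_binary(pyver: int, pylib: bytes) -> bytes:
    """Constructed test input: a fake PE stub followed by a PyInstaller cookie."""
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC, 4096, 3000, 512,
                         pyver, pylib.ljust(64, b"\0"))
    return b"MZ" + b"\x90" * 200 + cookie


# Constructed sample describing a Python 3.7 bundle (not a real malware file).
SAMPLE_BINARY = build_sample_binary(37, b"python37.dll")

if __name__ == "__main__":
    print(parse_pyinstaller_cookie(SAMPLE_BINARY))
```

A hit only tells you the file is a frozen Python program, which is common in legitimate software too; it narrows triage rather than proving malice.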

Data Theft and Delivery of additional payloads:

  • Unit 42 has unearthed a long list of features while analysing PyMICROPSIA samples found on compromised systems and payloads downloaded from the attackers’ command and control (C2) server.
  • The list of information-stealing and control capabilities includes data theft, device control and additional payload distribution features.
  • PyMICROPSIA makes use of Python libraries for a wide range of purposes, ranging from information and file theft to Windows process, file system and registry interaction.
  • The Trojan’s keylogging capability is implemented using the GetAsyncKeyState API and is part of a single payload it downloads from the C2 server.
  • A downloaded payload is also used to gain persistence by dropping a .LNK shortcut in the compromised system’s Windows Startup folder.