    New Python-based RAT Uses WebSocket for C2 and Data Exfiltration

By justmattg | January 26, 2023

Jan 26, 2023 | Ravie Lakshmanan | Threat Detection / Endpoint Security

Cybersecurity researchers have uncovered a new attack campaign that has used a Python-based remote access trojan (RAT) to gain control over compromised systems since at least August 2022.

    “This malware is unique in its utilization of WebSockets to avoid detection and for both command-and-control (C2) communication and exfiltration,” Securonix said in a report shared with The Hacker News.
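The WebSocket C2 channel described above is what a network defender would look for in proxy or HTTP logs. The following is an added example, not code from the Securonix report or the original article: it runs over a constructed set of tab-separated log lines and flags WebSocket upgrade handshakes to hosts outside an assumed allowlist, with extra weight when the destination is a bare IP or the User-Agent identifies a scripted Python client rather than a browser. The log format, the allowlist and the sample records are all assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample of proxy/HTTP log lines (tab-separated: timestamp, source host,
# destination host:port, method, path, User-Agent, value of the Upgrade header or "-").
SAMPLE_LOG = """\
2023-01-26T10:01:02Z\tws-7\tslack.com:443\tGET\t/websocket\tMozilla/5.0 Chrome/109\twebsocket
2023-01-26T10:02:15Z\tws-7\t203.0.113.10:8080\tGET\t/\tPython/3.10 websockets/10.4\twebsocket
2023-01-26T10:03:40Z\tws-7\texample.org:443\tGET\t/index.html\tMozilla/5.0 Chrome/109\t-
2023-01-26T10:04:01Z\tws-3\t198.51.100.7:443\tGET\t/socket\tMozilla/5.0 Chrome/109\twebsocket
"""

# Destinations where WebSocket upgrades are expected (assumed organisational allowlist).
ALLOWLISTED_WS_HOSTS = {"slack.com", "teams.microsoft.com"}

IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
FIELDS = ("ts", "src", "dst", "method", "path", "ua", "upgrade")


def parse_line(line: str) -> Dict[str, str]:
    """Split one tab-separated log line into named fields."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"malformed log line: {line!r}")
    return dict(zip(FIELDS, parts))


def websocket_findings(log_text: str) -> List[Dict[str, object]]:
    """Return every WebSocket upgrade to a non-allowlisted destination, with reasons."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["upgrade"].lower() != "websocket":
            continue  # only WebSocket handshakes matter for this check
        host = rec["dst"].rsplit(":", 1)[0]
        if host in ALLOWLISTED_WS_HOSTS:
            continue
        reasons = ["websocket upgrade to non-allowlisted host"]
        if IPV4_RE.match(host):
            reasons.append("destination is a bare IP address")
        if "python" in rec["ua"].lower():
            reasons.append("python user agent (scripted client, not a browser)")
        findings.append({"ts": rec["ts"], "src": rec["src"], "dst": rec["dst"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in websocket_findings(SAMPLE_LOG):
        print(f["ts"], f["src"], "->", f["dst"], "|", "; ".join(f["reasons"]))
```

The allowlist approach is deliberately simple; in practice the baseline of expected WebSocket destinations is built from the organisation's own traffic history rather than hard-coded.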

The malware, dubbed PY#RATION by the cybersecurity firm, comes with a host of capabilities that allow the threat actor to harvest sensitive information. Later versions of the backdoor also sport anti-evasion techniques, suggesting that it's being actively developed and maintained.

    The attack commences with a phishing email containing a ZIP archive, which, in turn, harbors two shortcut (.LNK) files that masquerade as front and back side images of a seemingly legitimate U.K. driver’s license.

Opening each of the .LNK files retrieves two text files from a remote server; these are subsequently renamed to .BAT files and executed stealthily in the background while the decoy image is displayed to the victim.

    Also downloaded from a C2 server is another batch script that’s engineered to retrieve additional payloads from the server, including the Python binary (“CortanaAssistance.exe”). The choice of using Cortana, Microsoft’s virtual assistant, indicates an attempt to pass off the malware as a system file.

Two versions of the trojan have been detected (version 1.0 and 1.6). The newer variant adds nearly 1,000 lines of code to support network scanning features for reconnaissance of the compromised network, and it conceals the Python code behind an encryption layer implemented with the fernet module.

    Other noteworthy functionalities comprise the ability to transfer files from host to C2 or vice versa, record keystrokes, execute system commands, extract passwords and cookies from web browsers, capture clipboard data, and check for the presence of antivirus software.

    What’s more, PY#RATION functions as a pathway for deploying more malware, which consists of another Python-based info-stealer designed to siphon data from web browsers and cryptocurrency wallets.

The origins of the threat actor remain unknown, but the nature of the phishing lures suggests that the intended targets are likely in the U.K. or North America.

    “The PY#RATION malware is not only relatively difficult to detect, the fact that it is a Python compiled binary makes this extremely flexible as it will run on almost any target including Windows, OSX, and Linux variants,” researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said.

    “The fact that the threat actors leveraged a layer of fernet encryption to hide the original source compounds the difficulty of detecting known malicious strings.”
