No Python Interpreter? This Simple RAT Installs Its Own Copy For a while, I'm keeping an eye on malicious Python code targeting Windows environments[1][2]. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating systems. Python is often available on developers, system/network administrators, or security teams. Like the proverb says: "You are never better served than by yourself", I found a simple Python backdoor that installs its own copy of the Python interpreter! The backdoor is installed via a VBS script (SHA256:eda050c767cb65150b1f4c8a4307c15baf5aebf211367191aaf7ede3aee823d5) has a VT score of 11/58[3]. I don't know how it is delivered and executed on the target computer but, it is light and easy to read. Here is a full copy: