Program Files Windows News Today : Breaking News, Live Updates & Top Stories | Vimarsana

No Python Interpreter? This Simple RAT Installs Its Own Copy
For a while, I m keeping an eye on malicious Python code targeting Windows environments[1][2]. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating systems. Python is often available on developers, system/network administrators, or security teams. Like the proverb says: You are never better served than by yourself , I found a simple Python backdoor that installs its own copy of the Python interpreter!
The backdoor is installed via a VBS script (SHA256:eda050c767cb65150b1f4c8a4307c15baf5aebf211367191aaf7ede3aee823d5) has a VT score of 11/58[3]. I don t know how it is delivered and executed on the target computer but, it is light and easy to read. Here is a full copy: ....

Xavier Mertens , Wscript Createobject , Shellexecute Wscript Fullname , Wscript Scriptfullname , Copyhere Filesinzip , Webclient Downloadfile , Program Files Windows , Program Files , Arguments Named Exists , New Object System , Shell Namespace , Socket Writeline , Python Writeline , Cyber Security , Reverse Engineering Malware , Malware Analysis Tools , ஐயேவியர் மேர்தேன்ஸ் , ப்ரோக்ர்யாம் கோப்புகள் , புதியது பொருள் அமைப்பு , சைபர் பாதுகாப்பு , தலைகீழ் பொறியியல் தீம்பொருள் , தீம்பொருள் பகுப்பாய்வு கருவிகள் ,