PyMICROPSIA Windows malware steals browsing data, records audio

The PyMICROPSIA malware is built to target Windows operating systems, yet it also checks for other operating systems, such as “darwin” or “POSIX.”


In 2015, Trend Micro researchers identified a group of hackers called Arid Viper targeting victims in the Middle East, particularly Israel. That campaign delivered malware through spear-phishing emails containing a pornographic video.


The video was in fact malware that gathered data from compromised machines in what is known as a “smash-and-grab attack.”


Now, IT security researchers at Palo Alto Networks’ Unit 42 have noted that the Arid Viper group is back in action, but this time it is using a new infostealer trojan while its targets remain the same.


Dubbed PyMICROPSIA by the researchers, the malware is written in Python and is capable of a wide range of malicious activities upon infection. These include:


Keylogging.
Deleting files.
File uploading.
Audio recording.
Taking screenshots.
Rebooting machine.
Executing commands.
Collecting file listing information.
Payload downloading and execution.
Compressing RAR files for stolen information.
Collecting process information and killing processes.
Deleting, creating, compressing, and exfiltrating files and folders.
Collecting Outlook .ost file. Killing and disabling Outlook process.
Collecting information from USB drives, including file exfiltration.
Browser credential stealing. Clearing browsing history and profiles.

Although Palo Alto Networks’