A new information-stealing Trojan related to the MICROPSIA malware family has been identified. It targets Microsoft Windows systems with a broad set of data-exfiltration capabilities, from gathering browser credentials to collecting Outlook data files.
The Trojan, called PyMicropsia because it is built with Python, was developed by the threat group AridViper, which is known for targeting organizations in the Middle East, researchers said.
PyMICROPSIA Trojan Overview
PyMICROPSIA has a rich set of information-stealing and control capabilities, including:
- File uploading.
- Payload downloading and execution.
- Browser credential stealing, and clearing browsing history and profiles.
- Taking screenshots.
- Keylogging.
- Compressing RAR files for stolen information.
- Collecting process information and killing processes.
- Collecting file listing information.
- Deleting files.
- Rebooting machine.
- Collecting the Outlook .ost file, and killing and disabling the Outlook process.
- Deleting, creating, compressing and…