I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy“:
For a while, I’m keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating systems. Python is often available on developers, system/network administrators, or security teams. Like the proverb says: “You are never better served than by yourself”, I found a simple Python backdoor that installs its own copy of the Python interpreter… [Read more]
One comment