A report released by Palo Alto's Unit 42 researchers outlines a new Trojan they have observed targeting Microsoft Windows systems with data exfiltration techniques. The Trojan has been named PyMicropsia because of its links to the Micropsia malware and because it is written in Python. The malware is authored by AridViper, an active threat group that has been previously identified and is responsible for developing other malware. The information-stealing capabilities of PyMicropsia include file uploading, payload downloading and execution, browser-credential stealing (along with the ability to clear browsing history and profiles), taking screenshots, and keylogging. In addition, the malware can collect file listing information, delete files, reboot machines, collect information from USB drives, and record audio. Based on the analysis of the malware, many of its components have not been used yet, which leads researchers to believe that the malware is still in the development phase.
Because the malware is still in development, it is likely that changes will be seen in the malware and the way it works. Two other samples of the malware were identified by Palo Alto. These samples appeared to be designed to target portable operating systems and "Darwin", a Unix-based operating system. PyMicropsia is related to the Micropsia malware family, another AridViper malware known for targeting Windows. Defenders should utilize a service such as Binary Defense's Managed Detection and Response, which can help identify attacks and respond quickly to limit the amount of damage that occurs.
More can be read here: https://threatpost.com/windows-trojan-steals-browser-credentials-outlook-files/162223/