We’re sharing information relating to the report on the new Python RAT malware that is targeting Windows through phishing attacks.
A new Python-based malware has been detected featuring remote access trojan (RAT) capabilities which sends the data using the WebSocket protocol to communicate with the command and control (C2) server and exfiltrate the victim's data. Explained another way, victims are clicking the phishing link allowing the hackers to get the data so they can create false identities and accounts (credit cards, bank accounts, etc.).
Bleeping Computer has further analyzed the report from Windows explaining how the malware works. RAT malware is being actively developed as multiple versions have existed since August when the PY#RATION campaign started. A deeper dive into the report and how the new Python RAT malware functions can be found here.
If you have questions or would like a review of your current network security posture, contact PCS today. We're always on, always connected. We're your 24/7 tech partner.