PyMICROPSIA, a New Multiplatform Windows Malware

There are many varieties of malware that can affect our computers, and many of them can in one way or another compromise the security and proper functioning of the systems. In general, however, problems of this type are more common on Windows, mainly because it has many more users. Today we are going to talk about a new piece of malware that affects Windows and that could also put other operating systems such as Linux or macOS at risk.

A new Windows Trojan could affect Linux and macOS

It is a new Trojan called PyMICROPSIA. It is malicious software whose main mission is to steal information. It has recently been discovered as a problem for Windows users, but it could also come to affect Linux and macOS systems.

PyMICROPSIA

Behind PyMICROPSIA is the AridViper group. They have created this Python-based malware, which is initially targeted specifically at Microsoft systems: it is delivered as a Windows binary generated with PyInstaller. However, the security researchers who discovered this threat have also found code snippets suggesting that the group could be working on adding cross-platform support, so that this Trojan could also attack Linux and macOS systems.

Security researchers say this is a striking discovery, as the AridViper group has so far not had its sights set on these operating systems beyond Windows. It could be an indication of what is to come in terms of cross-platform malware.

Cross-platform security attacks

Data theft, the main objective

Among the objectives that this group has with this variety of malware, data theft is one of the main ones. We already know that personal information today has great value on the web. It can be used to send targeted advertising, include users in spam lists or even sell it to third parties.

But the researchers have also compiled a long list of actions that can be carried out with this Trojan. Among them are uploading files, downloading and executing payloads, stealing credentials from the browser (as well as deleting browsing history and profiles), taking screenshots, keylogging, deleting files, restarting the computer, recording audio and running commands.

PyMICROPSIA makes use of Python libraries for a wide range of purposes, ranging from information and file theft to Windows process, file system, and registry interaction. The Trojan’s keylogging capability implemented via the GetAsyncKeyState API is part of a separate payload that it downloads from the C2 server.
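Two of the details above are useful for triage on the defending side: the dropper is a PyInstaller-built Windows binary, and the keylogger that polls GetAsyncKeyState arrives as a separate payload from the C2 server. The following script is an added example written for this article; it is not the researchers' tooling or any sample from the campaign. It checks a file for the archive cookie that PyInstaller's bootloader embeds in every packaged executable, then looks for keylogging-related Windows API names in the same bytes. The cookie value is PyInstaller's real magic constant; the list of API names and the sample inputs are constructed assumptions. Because the page says the keylogging component is downloaded separately, the main binary may carry the PyInstaller marker without the API string, so the two signals are reported independently rather than collapsed into one verdict.

```python
"""Triage helper for PyInstaller-packaged Windows binaries.

Added example for this article, not code from the original page or from
the researchers who analysed PyMICROPSIA.
"""
from typing import Dict, List, Tuple

# Magic cookie that PyInstaller's bootloader writes into its CArchive
# (real constant from PyInstaller's archive format).
PYINSTALLER_COOKIE = b"MEI\x0c\x0b\x0a\x0b\x0e"

# API names commonly seen in keystroke capture. Only GetAsyncKeyState is
# named on the page; the rest of this list is an assumption for the example.
KEYLOG_APIS: Dict[bytes, str] = {
    b"GetAsyncKeyState": "keystroke polling",
    b"GetKeyState": "keystroke polling",
    b"SetWindowsHookExA": "keyboard/mouse hook installation",
    b"SetWindowsHookExW": "keyboard/mouse hook installation",
}


def scan_bytes(data: bytes) -> Dict[str, object]:
    """Return independent findings for one file image.

    'pyinstaller' : True when the archive cookie is present.
    'keylog_apis' : list of (api_name, reason) hits found in the bytes.
    'verdict'     : a short triage label derived from the two signals.
    """
    has_cookie = PYINSTALLER_COOKIE in data
    hits: List[Tuple[str, str]] = [
        (name.decode("ascii"), why) for name, why in KEYLOG_APIS.items() if name in data
    ]

    if has_cookie and hits:
        verdict = "pyinstaller binary with keylogging APIs: review"
    elif has_cookie:
        # Consistent with a dropper whose keylogger arrives later from the C2.
        verdict = "pyinstaller binary: check for downloaded payloads"
    elif hits:
        verdict = "keylogging APIs without pyinstaller marker: review"
    else:
        verdict = "no indicators"

    return {"pyinstaller": has_cookie, "keylog_apis": hits, "verdict": verdict}


def scan_file(path: str) -> Dict[str, object]:
    """Read a file from disk and run scan_bytes over its full contents."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read())


# Constructed sample inputs (not real malware bytes): a padded blob with the
# PyInstaller cookie and a keylogging import name, a blob with only the
# cookie (dropper-like), and a plain file with neither.
SAMPLE_DROPPER_WITH_KEYLOGGER = (
    b"MZ" + b"\x00" * 64 + b"GetAsyncKeyState\x00user32.dll\x00"
    + b"\x00" * 32 + PYINSTALLER_COOKIE + b"\x00" * 16
)
SAMPLE_DROPPER_ONLY = b"MZ" + b"\x00" * 64 + PYINSTALLER_COOKIE + b"\x00" * 16
SAMPLE_PLAIN = b"MZ" + b"\x00" * 64 + b"kernel32.dll\x00" + b"\x00" * 16


if __name__ == "__main__":
    for label, blob in (
        ("dropper+keylogger", SAMPLE_DROPPER_WITH_KEYLOGGER),
        ("dropper only", SAMPLE_DROPPER_ONLY),
        ("plain", SAMPLE_PLAIN),
    ):
        result = scan_bytes(blob)
        print(f"{label:18s} pyinstaller={result['pyinstaller']} "
              f"apis={result['keylog_apis']} -> {result['verdict']}")
```

Run it as a script to see the three constructed samples classified, or call scan_file on a suspect executable. A hit on the cookie alone only says "built with PyInstaller", which countless legitimate tools are; the value for a responder is in combining it with the API strings and, for a dropper-only hit, with network or file-write telemetry for the second-stage download the page describes.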

Ultimately, this new threat may not only compromise Windows systems, but could also become a problem for Linux and macOS. It is essential that we take steps not only to protect ourselves from this problem, but from any similar one.

Our advice is to always have security software in place. A good antivirus, for example, can prevent malware from getting in, and that applies to every operating system we use. It is also very important to keep devices correctly updated to patch vulnerabilities, and to avoid mistakes that put us at risk. In another article we explain what doxing is, a problem that affects privacy.