PyMICROPSIA, the malware that calls Keanu Reeves to empty your account

A new type of virus called PyMICROPSIA has been discovered that can spy on Windows computers and steal a great deal of information from users, including bank account details.

Researchers from Unit 42, one of the computer security divisions of Palo Alto Networks, have discovered a new dangerous virus called PyMICROPSIA. The name was not chosen at random: it is an evolution of the already known MICROPSIA family of trojan malware, but written in the Python language instead of the classic C++.

The defining characteristic of this virus is its ability to thoroughly spy on the computers it infects (Windows only) and to steal anything the user types, including account passwords and online banking credentials. And that is not all: as already seen across the whole MICROPSIA family of viruses, whoever programmed this new malware seems to have a passion for cinema, TV series and the Disney universe. PyMICROPSIA in particular even has a module called "Keanu Reeves" and one called "Fran Drescher" (the lead actress of the TV series "The Nanny").

How PyMICROPSIA works and why it is dangerous

PyMICROPSIA works in a fairly classic way but has very advanced capabilities: once it has got into the target computer it can do practically anything. It can transfer files from the computer to a remote control server, download other viruses, steal the browser's saved login credentials, take screenshots, and record everything the user types on the keyboard (keylogger).

To this last capability, which is the most dangerous one for the user's online bank account, PyMICROPSIA adds others specific to espionage: it can read and copy Outlook emails and can even record audio by taking control of the laptop's microphone. Finally, it can also execute malicious code.

It is clear, then, that PyMICROPSIA is an all-round "info-stealer" with complete capabilities both for espionage and as a banking trojan. In other words: if PyMICROPSIA gets into our Windows computer, neither our private information nor our money is safe any more.

PyMICROPSIA, Keanu Reeves and TV Series

If it weren't for the fact that PyMICROPSIA is a truly dangerous virus, you would almost laugh when you read, as the Unit 42 researchers tell us, that in order to work this virus calls modules with names like "Keanu Reeves" or "Fran Drescher" (which contain further malicious instructions to be executed) and that its code contains numerous references to Disney movies and to TV series like The Big Bang Theory and Game of Thrones.

PyMICROPSIA prepares for attack

The reference to the entertainment world is a distinctive feature of the entire MICROPSIA family of viruses, which are usually spread via a shortened Bit.ly link inserted in a phishing email. These viruses seem to have been developed in the Middle East by a group of hackers called AridViper and, so far, they have been spread mainly in that region.

Unlike what we have seen in other MICROPSIA viruses written in C++, however, Unit 42 has found in PyMICROPSIA (which, let us remind you, currently attacks only Windows PCs) references to the POSIX standard, used by some UNIX operating systems, and to Darwin, which is one of the components of the macOS operating system.
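The two traits the article singles out, the entertainment-themed module names and the unexpected POSIX/Darwin references in a Windows-only sample, are the kind of thing an analyst would look for when triaging a suspicious file. The script below is an added example written for this page, not code from Unit 42 or from the article; it pulls printable strings out of a byte blob the way the `strings` tool does and reports which of the article's described names and platform references appear. The indicator lists are taken from the article's prose and are triage hints, not verified indicators of compromise, and the sample bytes are constructed here for illustration.

```python
import re
from typing import Dict, List

# Indicator strings taken from the article's description of PyMICROPSIA.
# They are triage hints for an analyst, not verified IoCs.
THEMED_NAMES = ["keanu reeves", "fran drescher", "big bang theory",
                "game of thrones", "disney"]
# Platform references the article says are unusual in a Windows-only sample.
PLATFORM_REFS = ["posix", "darwin"]

# Runs of at least four printable ASCII bytes, like `strings -n 4`.
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def extract_strings(data: bytes) -> List[str]:
    """Return the printable ASCII runs found in the blob, in file order."""
    return [m.group().decode("ascii") for m in _ASCII_RUN.finditer(data)]


def triage(data: bytes) -> Dict[str, List[str]]:
    """Report which themed names and platform references occur in the blob.

    Matching is case-insensitive and each indicator is listed once,
    in the order it was first seen.
    """
    found: Dict[str, List[str]] = {"themed": [], "platform": []}
    for s in (x.lower() for x in extract_strings(data)):
        for name in THEMED_NAMES:
            if name in s and name not in found["themed"]:
                found["themed"].append(name)
        for ref in PLATFORM_REFS:
            if ref in s and ref not in found["platform"]:
                found["platform"].append(ref)
    return found


def verdict(found: Dict[str, List[str]]) -> str:
    """Turn the hit lists into a short note for the analyst queue."""
    if found["themed"] and found["platform"]:
        return "review: themed module names plus cross-platform references"
    if found["themed"]:
        return "review: themed module names"
    if found["platform"]:
        return "info: cross-platform references only"
    return "no match"


# Constructed sample blob (not a real binary): a few non-printable bytes
# around NUL-separated strings of the kind the article describes.
SAMPLE = (b"\x00\x01MZ\x90"
          b"keanu reeves\x00fran drescher\x00posix\x00darwin\x00"
          b"\xff" * 8)

# Constructed benign blob for comparison.
BENIGN = b"hello world program\x00version 1.0\x00"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        hits = triage(blob)
        print(label, hits, "->", verdict(hits))
```

Run it directly to see the two verdicts; in practice you would feed `triage()` the bytes of a quarantined file and route anything that returns a "review" verdict to a human, since string hits alone are never proof of infection.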

So it would seem that AridViper hackers are developing new versions of this info-stealer trojan to launch large-scale attacks against computers with different operating systems. And this is not good news.