We have previously described a RAT and download-and-execute tools used by the criminal group MuddyWater to attack governmental institutions based in the Middle East, with the objective of collecting critical information. This time, we are going to describe another RAT, which they called Client.Py. It is a Python 3.6 program and is considered an advanced RAT. Client.Py is configured to support standard keylogger functionality, along with disabling the Task Manager, collecting passwords stored in the Chrome web browser, displaying a warning message to its victims in a message box, and executing remote commands.
Although the main target of MuddyWater is governmental institutions based in the Middle East, there are reports of its attacks on neighboring countries such as Saudi Arabia, Bahrain, Lebanon, Turkey, Jordan and Iraq. As long as it keeps its focus on the Middle East, the world will be safe from MuddyWater attacks. However, since it is always "better to be safe than sorry," we should pay close attention to the development of MuddyWater attacks and tools.