Pupy
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 80 % (High) |
| Infected Computers: | 13 |
| First Seen: | December 15, 2015 |
| Last Seen: | July 28, 2019 |
| OS(es) Affected: | Windows |
Pupy is a recently released Remote Access Tool (RAT). One of the characteristics of Pupy that makes it unique is that Pupy can operate as an in-memory process, not requiring an actual file on the computer. Pupy is also particularly effective because Pupy can operate on most major operating systems, including Windows, Mac OS and Linux. This means that Pupy has an enormous potential as a hacking tool and a possible vehicle for devastating threat attacks.
Table of Contents
Revealing Pupy’s Harmful Deeds
Pupy was released in September of 2015. Pupy is written entirely in Python and is compatible across platforms. This makes Pupy especially adaptable. Its operation mode in memory makes Pupy a particularly intriguing tool. Although compatible with the three major operating systems, Pupy is most effective on Windows variants, where it can function completely in memory. The way Pupy does this is by containing its payload in a reflective DLL file, which includes an entire interpreter for the Python language in the targeted computer's memory, meaning that Pupy ever has to go through the targeted computers hard drives.
How Pupy’s Unique Features Make It an Effective RAT
The fact that Pupy can carry out its operations without ever dropping a file on the targeted PC's hard drive means that Pupy is much more difficult to detect by most anti-virus programs than file-based RATs. It also means that Pupy has various additional opportunities to collect data or intercept communications that may not be available to other types of RATs. Apart from the features that make it most attractive, Pupy is also structured in modules. This means that Pupy can be delivered in a basic, stripped-down form, and then load modules depending on what's needed in a particular case. This means that Pupy's approach can be highly diversified to carry out very specific operations on different types of computers.
There are several known operations and modules that have been linked to Pupy. Some of these modules allow Pupy to migrate into other memory processes on the affected operating system. Pupy also can make its modules run in the background, use rootkit techniques, provide interaction with a third-party, and even auto-complete different types of commands. Using Pupy, a third-party can upload or download data from the targeted computer. Pupy also can be used to take screenshots of the affected screen, take over the affected computer's Webcam to take pictures or make videos, create a backdoor on the affected computer, log keyboard and mouse movements or input, and execute code remotely. Essentially, Pupy allows almost unrestricted access to the affected computer.
Pupy: What’s Next for This RAT?
Pupy bots connect to their main server SSL by default, but it seems that it also supports other communication forms. Pupy communicates using Python files or compiled Python C extensions. This is one additional issue that makes computer researchers worry about the future of Pupy: it's integrated Python interpreter makes it easily accessible because Python is considered one of the easier entry level programming languages and one of the most widespread. Pupy's source code is also freely available on Github and, from its project notes, it seems that there is now work being done on supporting additional communication channels, recording network traffic, and allowing Pupy to use the affected computers' microphones to record sound. Work is also being done on making Pupy harder to detect and leave less of a footprint on certain computers. There is no question about it; Pupy is one of the most important hacking tools that have come to the scene in recent years and it'll be important to keep track of its development.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.