
PyMicropsia Malware

The PyMicropsia Malware is the name given by infosec researchers to a new strain of data-collecting malware that has been observed as part of the threatening operations of AridViper, a hacker group that has predominantly targeted organizations in the Middle East. The threat, and the reason for its name, has strong links with AridViper's previous threatening tools from the Micropsia family: code overlaps and similarities in both its behavior and its Command-and-Control infrastructure.

The threat has a wide range of data-collecting capabilities. Once fully established on the compromised computer system, PyMicropsia can harvest Outlook .OST files and is also capable of killing or disabling Outlook processes. OST files in Outlook allow users to work in an offline environment, with any changes they make being synchronized with the Exchange server the next time the user goes online. The threat can extract contacts, tasks, messages, calendar data, and other account information from these files. In addition, the threat can also compromise and collect browser credentials.

The threatening capabilities of PyMicropsia do not stop there, though. The AridViper hackers have equipped the malware with an impressive array of additional threatening functionalities. The threat can delete or exfiltrate files, fetch and download additional payloads, take screenshots, establish keylogging routines, scan USB drives for information, collect listing information and reboot the infected system. PyMicropsia can also start recording audio through any microphone attached to the computer.
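Two of the behaviors described above, terminating Outlook and reading its .OST data files from a process that is not Outlook, are visible in ordinary endpoint telemetry. The following detection logic is an added example written for this page, not code from the threat report or from any vendor product. It runs over a few constructed, simplified process-creation and file-read events (not real logs) and assumes a process allowlist and the directory heuristics shown; tune both to your environment.

```python
import ntpath

# Processes expected to open Outlook data files. Any other image reading an
# .ost file is worth a closer look. Assumed allowlist, not from the page.
OST_ALLOWED_IMAGES = {"outlook.exe", "searchindexer.exe", "searchprotocolhost.exe"}

# Built-in tools commonly used to end a process. Outlook being terminated by
# one of these from an unusual parent is the signal the page describes.
KILL_TOOLS = {"taskkill.exe"}

# Constructed sample events in a simplified, Sysmon-like shape (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "ProcessCreate",
     "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM outlook.exe",
     "parent": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    {"type": "FileRead",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "target": r"C:\Users\alice\AppData\Local\Microsoft\Outlook\alice@example.com.ost"},
    {"type": "FileRead",
     "image": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "target": r"C:\Users\alice\AppData\Local\Microsoft\Outlook\alice@example.com.ost"},
    {"type": "ProcessCreate",
     "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /IM notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]


def _basename(path):
    # ntpath handles Windows-style paths even when the analyzer runs on Linux.
    return ntpath.basename(path).lower()


def _user_writable(path):
    # Heuristic: parents living in temp or download folders raise severity.
    p = path.lower()
    return "\\appdata\\local\\temp\\" in p or "\\downloads\\" in p


def detect_outlook_kill(event):
    """Flag a kill tool whose command line names Outlook."""
    if event["type"] != "ProcessCreate":
        return None
    if _basename(event["image"]) not in KILL_TOOLS:
        return None
    if "outlook" not in event.get("cmdline", "").lower():
        return None
    parent = event.get("parent", "")
    return {
        "rule": "outlook_process_terminated",
        "severity": "high" if _user_writable(parent) else "medium",
        "image": event["image"],
        "parent": parent,
        "detail": event["cmdline"],
    }


def detect_ost_access(event):
    """Flag an .ost file read by a process outside the allowlist."""
    if event["type"] != "FileRead":
        return None
    if not event["target"].lower().endswith(".ost"):
        return None
    if _basename(event["image"]) in OST_ALLOWED_IMAGES:
        return None
    return {
        "rule": "ost_access_by_unexpected_process",
        "severity": "high" if _user_writable(event["image"]) else "medium",
        "image": event["image"],
        "parent": "",
        "detail": event["target"],
    }


def analyze(events):
    """Run every rule over every event and collect the alerts in order."""
    alerts = []
    for ev in events:
        for rule in (detect_outlook_kill, detect_ost_access):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert["severity"], alert["rule"], alert["image"], alert["detail"])
```

On the constructed events this produces two alerts: the Outlook termination launched from a Temp-directory parent, and the .ost read by that same Temp-directory binary; Outlook's own read of its data file and the unrelated notepad termination are not flagged. The allowlist is the main tuning point, since backup agents and mail migration tools also read .OST files legitimately.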

Although AridViper hackers have consistently targeted only Windows systems, unused code snippets found inside PyMicropsia indicate that they might be looking to expand. Infosec researchers discovered several sections of code inside PyMicropsia indicating that the threat could become even more powerful soon. These functions check whether the host is a POSIX (Portable Operating System Interface) system or Darwin, the open-source Unix-like operating system underlying macOS.
