No Python Interpreter? This Simple RAT Installs Its Own Copy
For a while, I m keeping an eye on malicious Python code targeting Windows environments[1][2]. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating systems. Python is often available on developers, system/network administrators, or security teams. Like the proverb says: You are never better served than by yourself , I found a simple Python backdoor that installs its own copy of the Python interpreter!
The backdoor is installed via a VBS script (SHA256:eda050c767cb65150b1f4c8a4307c15baf5aebf211367191aaf7ede3aee823d5) has a VT score of 11/58[3]. I don t know how it is delivered and executed on the target computer but, it is light and easy to read. Here is a full copy: