Pupy
Pupy is a backdoor Trojan or Remote Access Tool (RAT) that runs inside the memory of already-running processes to avoid leaving trace files on its victim's hard drive. Besides this well-developed camouflage, Pupy includes most of the features expected of professional RATs, which allow third parties to take over your PC over a remote connection. Malware experts rate this Trojan as a high-level threat and advise detecting and removing Pupy with professional anti-malware tools running the latest available updates.
The Scout in Your Memory You Didn't Know About
Remote Access Tools vary in their individual capabilities, ranging from self-cloning worms like Njw0rm to steganography exploiters like the Shady Rat. However, almost all RATs use some means of guaranteeing their persistence on an infected PC. Pupy is no different from its predecessors in this respect and goes as far as avoiding placing files on the victimized hard drive at all. Instead, the Pupy RAT loads its code directly into already-running processes in memory. From that point, Pupy also may 'jump' to other running processes to avoid detection.
Besides its hallmark in-memory exploits, Pupy also encompasses many of the features malware experts have seen exhibited by backdoor Trojans of the past, such as:
- Being able to take both desktop and webcam-based screenshots.
- Passively recording your mouse and keyboard input for purposes such as collecting passwords.
- Executing commands through the Windows command line.
- Modifying network port settings to prevent any restrictions on its SSL-encrypted communications.
Any features Pupy does not cover by default can be added through attachable modules selected by the Trojan's administrator. Like Pupy itself, these modules are injected into memory and may use the same user-friendly Python code, which makes development easy. Planned updates to Pupy focus on expanding its spyware-related features, such as recording network traffic, and on making the Pupy RAT even harder to detect on Unix-based systems.
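One defender-side check that follows from the above, added here as an example and not code from this page or from the Pupy project: it flags processes that have a Python runtime mapped without being a Python interpreter. It assumes (the page does not state this) that a memory-resident Python RAT carries its runtime into the host process; the sample telemetry is constructed, and the allow-list of interpreter names is a tunable assumption.

```python
import os
import re

# Module names a Python runtime brings with it (Windows DLL or Linux shared object).
PY_RUNTIME = re.compile(r"(?:^|[\\/])(python\d+\.dll|libpython[\d.]*\.so(?:\.\d+)*)$", re.I)
# Processes that legitimately host a Python runtime; tune this allow-list per environment.
KNOWN_INTERPRETERS = {"python.exe", "pythonw.exe", "python", "python3", "python3.11"}

def suspicious_hosts(processes):
    """processes: iterable of (pid, image_name, [module paths]).

    Returns (pid, image_name, module) for every non-interpreter process that
    has a Python runtime mapped, the footprint a memory-resident Python RAT
    would leave in its host process (assumption, not stated on the page).
    """
    hits = []
    for pid, image, modules in processes:
        if image.lower() in KNOWN_INTERPRETERS:
            continue
        for mod in modules:
            if PY_RUNTIME.search(mod):
                hits.append((pid, image, mod))
                break  # one hit per process is enough
    return hits

def linux_snapshot():
    """Build the same tuples from /proc (assumes Linux; process name and mapped files)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                image = f.read().strip()
            with open(f"/proc/{pid}/maps") as f:
                mods = sorted({p[5] for p in (line.split() for line in f) if len(p) >= 6})
        except OSError:
            continue  # process exited or is not readable from this UID
        procs.append((int(pid), image, mods))
    return procs

# Constructed sample telemetry (not real data): two benign processes, two suspicious ones.
SAMPLE = [
    (412, "python.exe", [r"C:\Python311\python311.dll", r"C:\Windows\System32\kernel32.dll"]),
    (1337, "explorer.exe", [r"C:\Windows\explorer.exe", r"C:\Windows\System32\ntdll.dll"]),
    (2048, "svchost.exe", [r"C:\Windows\System32\ntdll.dll", "python27.dll"]),
    (3001, "firefox", ["/usr/lib/firefox/firefox", "/usr/lib/x86_64-linux-gnu/libpython3.8.so.1.0"]),
]

if __name__ == "__main__":
    for pid, image, mod in suspicious_hosts(SAMPLE):
        print(f"pid {pid} ({image}) has a Python runtime mapped: {mod}")
```

A runtime DLL with no on-disk path, as in the svchost.exe sample, is the stronger signal, since an image loaded purely from memory has nothing for a file scanner to find.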
Escorting a RAT out of Memory and out of Mind
Even in its current state of development, Pupy is a major threat to the safety and privacy of PC users who have it installed on their systems. Because of its robust feature set aimed at preventing detection, anyone who suspects Pupy's presence should use dedicated anti-malware products to verify and, hopefully, remove Pupy. Using Safe Mode, a standard security feature in many OSes, can help limit the interference of Pupy and related threats, as well as the number of running processes they may tamper with at the time of your scan.
Pupy may be compatible with most major operating systems, including Windows, Mac's OS X and Unix systems like Linux. The fact that its source code is available online means that con artists could easily use Pupy for different campaigns with a range of deployment methods. Given the relative simplicity of coding in Pupy's chosen language, Python, Pupy's further development also is likely to be rapid. For the time being, malware experts can only advise continuing with all standard safety guidelines, such as scanning suspicious e-mail attachments, avoiding torrents and blocking scripts in your Web browser.