
PyMicropsia Malware

Posted: December 15, 2020

The MICROPSIA malware family has been around since 2019, and the criminals behind it appear to have unleashed a new update to this malware family recently. The latest threat, dubbed PyMicropsia Malware, shares many similarities with the original project. However, this time the criminals have opted to rely on the Python programming language to craft the project. In its current state, the PyMicropsia Malware has been deployed in attacks against organizations and companies operating in the Middle East.

Both the MICROPSIA and PyMicropsia Malware are the product of AridViper, an Advanced Persistent Threat (APT) actor specializing in activities against Middle Eastern entities. The newly identified Python-based malware gives attackers access to the files and credentials found on infected machines, along with a number of other capabilities. The PyMicropsia Malware can:

  • Collect browser credentials, history, profiles, and more.
  • Grab screenshots and transfer them to the control server.
  • Log keystrokes.
  • Manage the file system.
  • Record audio via the microphone.
  • Collect data from removable storage devices.
  • Collect files used by Microsoft Outlook.

The PyMicropsia Malware works on Microsoft Windows exclusively, but cybersecurity experts warn that the criminals might be planning to expand their operation in the future: the code of the PyMicropsia Malware included some functionality meant to check the infected system's operating system. So far, there are no confirmed cases in which the PyMicropsia Malware has been used against systems other than those running Windows.

The AridViper hackers are clearly working on advancing their toolkit, and future attacks in the Middle East are likely to be their primary focus. Windows networks can be protected from threatening software like the PyMicropsia Malware by employing proper network security protocols and relying on reputable anti-virus software.
