
New Malware Targeting Windows And Other Operating Systems

By Chris Forte | January 1, 2021 | September 1st, 2021 | Cybersecurity

Researchers on the Global Research and Analysis Team (GReAT) at Kaspersky Lab have recently discovered a new malware strain dubbed PyMICROPSIA, currently being used by a group tracked as AridViper.

AridViper operates primarily in the Middle East, focusing mainly on Palestine, Egypt, and Turkey. Their malware was designed specifically to attack Windows-based machines.

The group hasn’t been especially active, having compromised a relatively modest 3,000 or so machines since they appeared on Kaspersky’s radar in 2015. That, however, may be changing.

Recent samples of the code reveal that AridViper is continuing to develop its info-stealing malware. They’re arming it with new capabilities and expanding their reach by building in architecture that will allow them to begin attacking machines running both Linux and macOS.

In terms of new capabilities, AridViper seems to be pulling out all the stops. Not all of these have been activated yet, but hooks are now in the code to build out additional functions.

The Other Functions Include:

  • File uploading
  • Payload download and execution
  • Screen captures
  • File compression for easier exfiltration
  • Collection of process information which would allow killing system processes
  • File deletion
  • Automatic reboot
  • Disabling Outlook processes
  • Creating, deleting, compressing and exfiltrating files and folders
  • Collecting information from USB drives
  • Audio recording
  • And more

All this, in addition to the malware’s current info-stealing capabilities, which include the ability to steal credentials from browsers, clear browser histories, keylogging, and the like.

All that to say, if AridViper completes development on all the functionalities listed above and builds out the capability to deploy their malware against Linux and macOS machines, it will be a dangerous strain indeed.

If you have business dealings in the Middle East, you may have already run afoul of this particular strain. Even if you don’t, this is one to watch for as AridViper seems intent on flexing its muscles in the months ahead.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.