New Windows Trojan Steals Browser Credentials, Outlook Files
Quote: Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities – from collecting browser credentials to targeting Outlook files.
 
The trojan, called PyMicropsia (due to it being built with Python), has been developed by threat group AridViper, researchers said, which is known for targeting organizations in the Middle East.
 
“AridViper is an active threat group that continues developing new tools as part of their arsenal,” researchers with Palo Alto’s Unit42 research team said in a Monday analysis. “Also, based on different aspects of PyMicropsia that we analyzed, several sections of the malware are still not used, indicating that it is likely a malware family under active development by this actor.”
 
The trojan’s information-stealing capabilities include file uploading, payload downloading/execution, browser-credential stealing (and the ability to clear browsing history and profiles), taking screenshots and keylogging.

In addition, the malware can collect file listing information, delete files, reboot machines, collect information from USB drives and record audio, as well as harvest Outlook .OST files and kill/disable Outlook processes.
 
An OST file, also known as an Offline Outlook Data File, is used by Microsoft accounts, Exchange accounts and Outlook.com accounts “to store a synchronized copy of your mailbox information on your local computer,” according to Microsoft. OST files may contain email messages, contacts, tasks, calendar data and other account information.

Read more: https://threatpost.com/windows-trojan-st...es/162223/