A new polymorphic Python-based remote access trojan (RAT) remains largely undetected, with only two detections on VirusTotal. It features self-modifying code and over 40 attack capabilities, posing a significant threat to targeted systems. #NIRORAT #PythonRAT
Key points
- The malware is a polymorphic Python RAT identified by security researcher Xavier Mertens.
- It uses functions like self_modifying_wrapper() to alter its code on the fly, making detection difficult.
- The RAT has over 40 attack and reconnaissance functions, including network scanning, data theft, and lateral movement.
- Capabilities also include screen recording, keylogging, payload deployment, and file encryption.
- Currently, only two detections exist on VirusTotal, which indicates how stealthy it is and that it remains an ongoing threat.
Read More: https://thecyberexpress.com/polymorphic-malware-undetected-by-security/