Python RAT with a Nice Screensharing Feature

Nov. 5, 2024, 12:33 p.m.

Description

A Python Remote Access Trojan (RAT) with advanced capabilities, including a notable screensharing feature, has been discovered. The RAT, based on a two-year-old script, has a low detection rate on VirusTotal. It offers numerous functions to control the victim's computer, such as shell access, webcam control, and registry manipulation. The screensharing feature utilizes the 'vidstream' Python library, enabling real-time viewing of the victim's screen. A proof-of-concept demonstrated the RAT's ability to stream the victim's screen to the attacker's computer. This exemplifies Python's growing popularity among attackers for creating sophisticated malware, even for Windows environments.

External References

https://isc.sans.edu/diary/rss/31414
https://otx.alienvault.com/pulse/672a049be3ab3bd94d8b1d0a
Tags
rat
python
2024-11-05
low-detection
remote-control
python rat
vidstream
screensharing

Date

  • Created: Nov. 5, 2024, 11:42 a.m.
  • Published: Nov. 5, 2024, 11:42 a.m.
  • Modified: Nov. 5, 2024, 12:33 p.m.

Indicators

  • 1281b7184278f2a4814b245b48256da32a6348b317b83c440008849a16682ccb
Download all indicators here!

Attack Patterns

  • Python RAT
  • T1569.002
  • T1021.001
  • T1059.006
  • T1552.001
  • T1120
  • T1553.002
  • T1115
  • T1547.001
  • T1056.001
  • T1113
  • T1562.001
  • T1016
  • T1070
  • T1518
  • T1082
  • T1057
  • T1105
  • T1083
  • T1055