AridViper Malware Targets Windows And Other Operating Systems
Researchers on the Global Research and Analysis Team (GReAT) at Kaspersky Lab have found a new malware strain, dubbed PyMICROPSIA, that is currently being used by a group tracked as AridViper.
AridViper's malware is designed specifically to attack Windows-based machines and targets victims primarily in the Middle East, focusing mainly on Palestine, Egypt, and Turkey.
The group hasn't been especially active, having compromised a relatively modest 3,000 or so machines since they appeared on Kaspersky's radar in 2015. That, however, may be changing.
Recent samples of the code reveal that AridViper is continuing to develop their info-stealing malware. They're arming it with new capabilities and expanding their reach by building in architecture that will allow them to begin attacking machines running both Linux and macOS.
In terms of new capabilities, AridViper malware seems to be pulling out all the stops. Not all of these are active yet, but hooks are now in the code to build out additional functions.
These functions include:
- File uploading
- Payload download and execution
- Screen captures
- File compression for easier exfiltration
- Collection of process information, which would allow killing system processes
- File deletion
- Automatic reboot
- Disabling Outlook processes
- Creating, deleting, compressing and exfiltrating files and folders
- Collecting information from USB drives
- Audio recording
- And more
All this is in addition to the AridViper malware's current info-stealing capabilities, which include stealing credentials from browsers, clearing browser histories, keylogging, and the like.
All that to say, if AridViper completes development on all the functionalities listed above and builds out the capability to deploy their malware against Linux and macOS machines, it will be a dangerous strain indeed.
If you have business dealings in the Middle East, you may have already run afoul of this particular AridViper strain. Even if you don’t, this is one to watch for as AridViper seems intent on flexing its muscles in the months ahead.