Date: 2023-01-27

The attackers have been using phishing emails that contain a link to a Google Drive or Dropbox file, which, when clicked, downloads the malicious Python script.

Security researchers at Securonix have discovered a new cyber attack campaign that targets organisations with a Python-based malware called PY#RATION.

According to the company, the malware exhibits remote access trojan (RAT) behaviour, allowing for control of and persistence on the affected host. As with other RATs, PY#RATION possesses a host of features and capabilities.

The attack campaign has been primarily targeting organisations in the healthcare and finance industries, but any organisation that uses Python-based systems is at risk. The attackers have been using phishing emails that contain a link to a Google Drive or Dropbox file, which, when clicked, downloads the malicious Python script.

The malware is delivered via phishing emails that contain a malicious Python script, which, when executed, allows the attackers to gain access to the victim's system and steal sensitive information.

The PY#RATION malware is capable of performing a variety of malicious actions, including exfiltrating data, keylogging, and taking screenshots. It also has the ability to evade detection by using encrypted communication channels and disguising itself as a legitimate Python process.

To protect against this attack campaign, organisations are advised to implement advanced threat detection and response solutions, as well as to educate their employees on how to recognise and avoid phishing emails. Additionally, organisations should regularly update and patch their systems to ensure that any vulnerabilities are addressed.

The cybersecurity community continues to monitor this situation and will provide updates as more information becomes available. It is important for organisations to stay vigilant and take proactive measures to protect themselves from this and other cyber threats.

