Live microphone streaming to a voice channel.Continuous microphone recording saved in.Capture screenshots and record the screen as per preference.Manipulation of copied cryptocurrency wallet addresses.Keystroke logging for capturing every keyboard input.Collection of Discord tokens and system information.Extraction of browser history, cookies, and saved passwords.Process management, including browsing and termination.Running CMD commands for remote control.Anti-VM measures, preventing execution on virtual machines (e.g., VirtualBox, VMWare).Bypassing UAC to obtain Administrative permissions upon startup.As per the information provided by the developers on GitHub, this PySilon RAT encompasses a wide range of functionalities, which include: This is an advanced RAT coded in the Python programming language, designed for complete control via Discord, featuring a specialized GUI builder. The image depicted below displays the GUI of the PySilon builder, showing a range of options for constructing a binary file. The PySilon RAT builder enables TAs to create a customized malicious binary file with the desired functionalities for their malware. Figure 5 – PySilon malware package version 3.6 The “resources” folder comprises multiple Python scripts, each dedicated to a specific functionality of the RAT malware. Upon running the “PySilon.bat” file, it launches a GUI that provides users with the ability to create a customized PySilon RAT binary and subsequently save it to the “dist” folder. The following figure shows the PySilon builder package. The malware files generated using the PySilon builder utilize file names, which include: Figure 4 – First discovery of PySilon RAT executable in VirusTotalĭuring the time of our analysis, FalconFeedsio also posted a Twitter message indicating that a forum user was endorsing the “PySilon Malware.” Additionally, we have identified numerous samples that mimic software, tools, and cracks suspecting that they were downloaded from phishing websites, free software downloading sites, etc. The malware created using the PySilon builder was initially identified by NeikiAnalytics approximately one month ago, as shown below. PySilon v3.6, the most recent version, was released at the end of August 2023, boasting advanced malicious functionalities. The PySilon project (PySilon v1.0), featuring basic malware capabilities, was originally posted on GitHub in early December 2022. Figure 2 – PySilon RAT with Adobe Photoshop Icon After conducting an analysis, it was noticed that the PyInstaller malware executable was created utilizing an open-source GitHub project known as “PySilon,” a Remote Access Trojan (RAT). We presume that this executable comes from a phishing website. On September 13th, CRIL came across a PyInstaller file named “Adobe Photoshop.exe” on VirusTotal. The upward trend in these samples suggests a growing usage of PySilon RAT.įigure 1- Rise of PySilon RAT (Stats Source- VirusTotal) It has been noted that over 300 samples of this malware have been reported on VirusTotal since June 2023. CRIL has recently come across multiple instances of PySilon RAT, an open-source malware. Threat Actors (TAs) resort to open-source malware available on platforms like GitHub due to its convenience, advanced functionalities, and adaptability. CRIL has also detected numerous samples that imitate software, tools, and cracks suspecting their origin from phishing websites, free software downloading websites, etc.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |