There is a new RAT (Remote Access Tool/Trojan) that goes by the name of Pupy. It is open-source, so everybody has full access to its capabilities. It can be used by administrators, penetration testers and engineers, but unfortunately also by black hats. Pupy runs on multiple platforms and carries an embedded Python interpreter, which makes the thought of this tool in the hands of cybercriminals terrifying.
This is what it looks like inside:
| Short Description | The tool is basically a trojan if it is used by black hat hackers. |
|---|---|
| Symptoms | The RAT can download and upload files and information, migrate to other processes, execute commands and also has a keylogger. |
| Distribution Method | Exploit Kits, Targeted Attacks |
Pupy Trojan – Distribution
There are many possible ways to distribute Pupy, since it has a free license and anybody can obtain and modify it as they see fit. One effective way of getting it onto a system would be through exploit kits, a vector that is quite common for similar tools. We believe that targeted attacks and spam emails can be just as effective as distribution methods, and it is quite likely we will see that in the near future.
Pupy Trojan – Technical Details
Pupy is classified as a RAT, which stands for Remote Access Trojan. It could easily be used to stay hidden on a system and steal sensitive information, in the manner of an APT (Advanced Persistent Threat). It also has the potential to load further malware, and since it is currently quite popular, that could easily include ransomware such as TeslaCrypt and CryptoWall 4.0.
Pupy has the Python language embedded in it, can inject .dll files into processes on Windows systems, and is reported to work effectively on Linux, Mac OS X and Windows. The whole Python interpreter is loaded from memory, so there may be little to no trace of it on the computer's disk.
The following features are already implemented and working:
- inter-process injection across architectures (x86->x64 and x64->x86)
- command execution
- interactive shell (cmd.exe, /bin/sh, /bin/bash, …)
- tty allocation is well supported on targets running a Unix system (looks like an SSH shell)
- interactive python shell
- webcam snapshot
- in-memory execution of PE executables, both x86 and x64
- socks5 proxy
- local port forwarding
- shellcode execution
- keylogger (monitors keys, the titles of the windows the text is typed into, and the clipboard)
- mouselogger (takes small screenshots around the mouse at each click and sends them back to the server)
Because it can keep a constant connection to a remote location, the hackers behind the Trojan may also steal sensitive data and files, upload further malware, spy on you and do countless other things.
Pupy Trojan Removal
This Trojan can spy on you, access personal information on your PC and eventually infect you with other types of malware. It may collect your personal information and send all of it to cybercriminals, who can profit from it. To completely get rid of the Pupy Trojan horse from your PC, carefully follow the step-by-step removal instructions provided below.