New Windows Malware May Soon Target Linux, MacOS Devices

Newly discovered Windows info-stealing malware linked to an active threat group tracked as AridViper shows signs that it might be used to infect computers running Linux and macOS.

The new trojan, dubbed PyMICROPSIA by Unit 42, was discovered while investigating AridViper activity (the group is also tracked as Desert Falcon and APT-C-23). AridViper is a group of Arabic-speaking cyberspies that has focused its attacks on Middle Eastern targets since at least 2011.

AridViper operates mainly out of Palestine, Egypt, and Turkey, and the number of victims it compromised exceeded 3,000 in 2015, according to the Global Research and Analysis Team (GReAT) at Kaspersky Lab.

New attack vectors found within the code

While PyMICROPSIA is Python-based malware that specifically targets Windows systems and is delivered as a Windows binary packaged with PyInstaller, Unit 42 has also found code snippets showing that its creators are potentially working on adding multi-platform support.
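Because the trojan ships as a PyInstaller bundle, one cheap triage check a defender can run over suspicious executables is to look for the PyInstaller archive cookie that the packer appends to the bootloader. The following is an added example, not code from Unit 42 or from the malware: it searches a file for the cookie magic, parses the fixed cookie layout, and returns where the embedded archive sits and which Python runtime it was built against. The `build_sample()` bytes are constructed here to stand in for a real bundle; the Python-version encoding (37 for 3.7, 310 for 3.10) is an assumption about how PyInstaller releases have encoded it.

```python
"""Detect a PyInstaller-built executable by its archive cookie (added example, not Unit 42 code)."""
import struct
from typing import Optional

# Every PyInstaller CArchive ends with an 88-byte cookie that opens with this magic.
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Cookie layout (big-endian): magic, archive length, TOC offset, TOC length,
# Python version number, name of the bundled Python DLL (NUL padded).
COOKIE = struct.Struct("!8sIIii64s")


def decode_python_version(pyvers: int) -> str:
    """Assumption: PyInstaller stores 3.7 as 37 and newer releases store 3.10 as 310."""
    major, minor = divmod(pyvers, 100) if pyvers >= 100 else divmod(pyvers, 10)
    return f"{major}.{minor}"


def find_pyinstaller_cookie(data: bytes) -> Optional[dict]:
    """Return the parsed cookie if `data` carries a PyInstaller archive, else None."""
    idx = data.rfind(PYINSTALLER_MAGIC)          # cookie is the last thing in the archive
    if idx == -1 or idx + COOKIE.size > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = COOKIE.unpack_from(data, idx)
    # Sanity check: the archive (which includes the cookie) must fit inside the file
    # and the table of contents must lie inside the archive.
    archive_start = idx + COOKIE.size - pkg_len
    if archive_start < 0 or toc_off + toc_len > pkg_len:
        return None
    return {
        "archive_offset": archive_start,
        "archive_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        "python_version": decode_python_version(pyvers),
        "python_dll": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def scan_file(path: str) -> Optional[dict]:
    """Convenience wrapper for triaging a file on disk."""
    with open(path, "rb") as fh:
        return find_pyinstaller_cookie(fh.read())


def build_sample() -> bytes:
    """Constructed stand-in for a PyInstaller executable: fake loader bytes,
    fake archive body, but a correctly laid-out cookie at the end."""
    loader = b"MZ" + b"\x90" * 256   # placeholder for the bootloader PE image
    body = b"\x00" * 512             # placeholder for packed entries plus TOC
    toc_off, toc_len = 400, 112      # TOC occupies the tail of the body
    pkg_len = len(body) + COOKIE.size
    cookie = COOKIE.pack(PYINSTALLER_MAGIC, pkg_len, toc_off, toc_len,
                         309, b"python39.dll".ljust(64, b"\0"))
    return loader + body + cookie


if __name__ == "__main__":
    print(find_pyinstaller_cookie(build_sample()))
```

A hit only tells you the file is a PyInstaller bundle, which plenty of legitimate software is; the value is in combining it with context (an unsigned bundle in a user profile directory, or one that matches the Python DLL name and build characteristics of known samples) before escalating.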


“PyMICROPSIA is designed to target Windows operating systems only, but the code contains interesting snippets checking for other operating systems, such as ‘posix’ or ‘darwin’,” Unit 42 said.

“This is an interesting finding, as we have not witnessed AridViper targeting these operating systems before and this could represent a new area the actor is starting to explore.”

Despite this, these checks might have been introduced by the malware’s developers while copy-pasting code from other ‘projects’ and could very well be removed in future versions of the PyMICROPSIA trojan.

[Figure: code snippet showing the Linux and macOS checks. Source: Unit 42]

Data theft and delivery of additional payloads

When it comes to this trojan’s capabilities, Unit 42 has unearthed a long list of features while analyzing malware samples found on compromised devices and payloads (not Python-based) downloaded from attackers’ command-and-control (C2) servers.

These capabilities fall into three groups: data theft, device control, and delivery of additional payloads.

The full list includes, but is not limited to:

  • File uploading.
  • Payload downloading and execution.
  • Browser credential stealing. Clearing browsing history and profiles.
  • Taking screenshots.
  • Keylogging.
  • Compressing RAR files for stolen information.
  • Collecting process information and killing processes.
  • Collecting file listing information.
  • Deleting files.
  • Rebooting machine.
  • Collecting Outlook .ost file. Killing and disabling Outlook process.
  • Deleting, creating, compressing, and exfiltrating files and folders.
  • Collecting information from USB drives, including file exfiltration.
  • Audio recording.
  • Executing commands.
[Figure: PyMICROPSIA capability overview. Source: Unit 42]

PyMICROPSIA makes use of Python libraries for a wide range of purposes, ranging from information and file theft to Windows process, file system, and registry interaction.


The trojan’s keylogging capability, implemented with the GetAsyncKeyState API, is part of a separate payload that it downloads from the C2 server.

A downloaded payload is also used for gaining persistence by dropping a .LNK shortcut in the compromised computer’s Windows Startup folder.

PyMICROPSIA also employs other persistence methods, including dedicated registry keys that relaunch the malware after a system restart.
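Both persistence techniques named above (a shortcut in the Startup folder and registry keys that relaunch the malware at logon) leave entries in well-known autorun locations, so a defender's first move is to enumerate those locations and triage what they point at. The following is an added example, not Unit 42's or the malware's code: it parses the text produced by `reg export` for the per-user Run and RunOnce keys, extracts the executable from each command line, and flags entries whose target lives in a user-writable directory or is a shortcut or script rather than an installed program. The `.reg` content is constructed here as sample input; the directory hints and the "suspicious" heuristics are assumptions chosen for illustration, not a rule set from the page.

```python
"""Triage Windows Run-key autoruns from a `reg export` dump (added example, not Unit 42 code)."""
import re
from typing import Dict, List

# Autorun keys the shell evaluates at logon; the usual home for relaunch-after-reboot persistence.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

# Directory fragments a non-admin user can write to (assumption: tuned for illustration).
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\users\\public\\",
                       "\\programdata\\", "\\downloads\\")

# Autorun targets that are shortcuts or scripts rather than compiled programs.
SCRIPT_OR_SHORTCUT = (".lnk", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".py", ".pyw")

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="value" lines; both sides may contain backslash-escaped quotes and backslashes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s: str) -> str:
    """Undo .reg escaping: \\" -> " and \\\\ -> \\ ."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header to its string values; non-string value types are ignored."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def executable_of(command: str) -> str:
    """Pull the program path out of an autorun command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ", 1)[0]


def triage_autoruns(text: str) -> List[dict]:
    """Return one finding per Run/RunOnce value, marking the ones worth a closer look."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.lower().endswith(RUN_KEY_SUFFIXES):
            continue
        for name, command in values.items():
            exe = executable_of(command)
            low = exe.lower()
            reasons = []
            if any(hint in low for hint in USER_WRITABLE_HINTS):
                reasons.append("executable lives in a user-writable directory")
            if low.endswith(SCRIPT_OR_SHORTCUT):
                reasons.append("autorun target is a shortcut or script, not an installed program")
            findings.append({"key": key, "name": name, "executable": exe,
                             "suspicious": bool(reasons), "reasons": reasons})
    return findings


def load_reg_export(path: str) -> str:
    """`reg export` writes UTF-16 with a BOM, so decode accordingly."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


# Constructed sample of what `reg export HKCU\...\Run run.reg` produces (not a real host's data).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\svc\\update.exe\" -q"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Windows\\Temp\\cleanup.lnk"
'''

if __name__ == "__main__":
    for finding in triage_autoruns(SAMPLE_REG_EXPORT):
        print(finding)
```

The same triage applies to the Startup folder (`%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup` and its all-users counterpart): list the `.lnk` files there and resolve where each one points, treating shortcuts into user-writable paths the way the registry checks above do.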

Based on the connections found by Unit 42 between PyMICROPSIA and AridViper’s MICROPSIA malware, this threat actor “maintains a very active development profile, creating new implants that seek to bypass the defenses of their targets.”
