by dead_mall 2167 days ago
Python is very versatile from a malware perspective, especially toward anything *nix, since Python is always pre-installed. There are tons of pip packages that can be used to the bad guy's advantage that they don't have to rewrite themselves (e.g. keyloggers, video camera related packages). All they need to do is have a way to deploy it and receive the data; then it's just a matter of hiding the communication. Building loaders, reverse shells and bypassing AV is a hell of a lot easier in Python as well.

See PupyRAT, a full-on multi-OS admin tool mainly written in Python (2, unfortunately; it's also buggy and outdated); it's a great example. They use a C wrapper around their remote admin tool that is written in Python. Their (C) loader downloads the provided Python payload from an http link and stores it at a specific memory address that gets executed right after. Because it's in memory, it doesn't touch the disk, unless you are using the Windows payload (which provides multiple options to hide the program using a set of Windows exploits).