This is an advanced RAT coded in the Python programming language, designed for complete control via Discord, featuring a specialized GUI builder. The image depicted below displays the GUI of the PySilon builder, showing a range of options for constructing a binary file. The PySilon RAT builder enables TAs to create a customized malicious binary file with the desired functionalities for their malware. Figure 5 – PySilon malware package version 3.6 The “resources” folder comprises multiple Python scripts, each dedicated to a specific functionality of the RAT malware. Upon running the “PySilon.bat” file, it launches a GUI that provides users with the ability to create a customized PySilon RAT binary and subsequently save it to the “dist” folder. The following figure shows the PySilon builder package. The malware files generated using the PySilon builder utilize file names, which include: Figure 4 – First discovery of PySilon RAT executable in VirusTotalĭuring the time of our analysis, FalconFeedsio also posted a Twitter message indicating that a forum user was endorsing the “PySilon Malware.” Additionally, we have identified numerous samples that mimic software, tools, and cracks suspecting that they were downloaded from phishing websites, free software downloading sites, etc. The malware created using the PySilon builder was initially identified by NeikiAnalytics approximately one month ago, as shown below. PySilon v3.6, the most recent version, was released at the end of August 2023, boasting advanced malicious functionalities. The PySilon project (PySilon v1.0), featuring basic malware capabilities, was originally posted on GitHub in early December 2022. Figure 2 – PySilon RAT with Adobe Photoshop Icon After conducting an analysis, it was noticed that the PyInstaller malware executable was created utilizing an open-source GitHub project known as “PySilon,” a Remote Access Trojan (RAT). We presume that this executable comes from a phishing website. On September 13th, CRIL came across a PyInstaller file named “Adobe Photoshop.exe” on VirusTotal. The upward trend in these samples suggests a growing usage of PySilon RAT.įigure 1- Rise of PySilon RAT (Stats Source- VirusTotal) It has been noted that over 300 samples of this malware have been reported on VirusTotal since June 2023. CRIL has recently come across multiple instances of PySilon RAT, an open-source malware. Threat Actors (TAs) resort to open-source malware available on platforms like GitHub due to its convenience, advanced functionalities, and adaptability. CRIL has also detected numerous samples that imitate software, tools, and cracks suspecting their origin from phishing websites, free software downloading websites, etc.The current version boasts advanced malware capabilities, including its ability to record keystrokes, steal sensitive information, capture screen activity, execute remote commands, and perform additional functions.PySilon RAT was first established in December 2022 as version 1.0 and has since evolved to its current iteration, version 3.6. The presence of over 300 samples on VirusTotal since June 2023 suggests a significant surge in the PySilon malware’s activity.Cyble Research and Intelligence Labs (CRIL) has observed the usage of an open-source PySilon RAT by multiple threat actors (TAs).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |