Windows, being the most widely used operating system in both homes and businesses, is the main target of hackers. Creating malware to attack this OS pays off far more than creating it for, say, macOS or Linux. However, it is increasingly common to find cross-platform malware that can infect macOS and Linux just as readily. One of the newest threats to start causing problems for all kinds of users, regardless of their operating system, is AridViper.
AridViper is a Trojan, written in Python, created by a group of hackers with the intention of infecting any Windows operating system. This Trojan is distributed through a binary that is responsible for installing Python dependencies on the system (in order to run the malware) and configuring it to be persistent.
This malware has been claiming victims around the world over the Internet since 2011, although Spain has not been one of its main targets. However, it seems that the hackers responsible for it want to go one step further and run a new campaign globally, and no longer just against Windows.
What does the AridViper Trojan do?
This malware is modular: it starts as a mostly harmless program to which features are added on demand through a remote command-and-control (C2) server. According to the researchers who have been tracking this malware, some of the functions this threat can perform are:
- Send victim files to the server.
- Download and run payloads.
- Steal browser credentials.
- Take screenshots.
- Record keystrokes.
- Compress the stolen information into RAR archives.
- List running processes and terminate them.
- Delete files.
- Restart the computer.
- Collect information from Outlook.
- Capture information from connected USB devices.
- Record audio.
- Execute commands.
Certainly a complete threat. In addition, judging by the code of one of the latest variants put into circulation, it seems that it will no longer be limited to Windows: the hackers are distributing copies of this malware specially designed to infect Linux and macOS systems. This is all the more worrying because these operating systems, being less prone to malware, do not usually have an antivirus installed, which makes the threat harder both to detect and to remove.
How to protect ourselves
As security experts warn, this malware is undergoing very active development, and that can be a problem. These hackers are developing new modules that can be delivered to any infected PC through the remote server, and new techniques to make it more persistent and difficult to detect.
The way to protect ourselves from this malware is the same as always. We must be careful with the websites we visit and always avoid executing files downloaded from the Internet or received by email. An antivirus for Windows, as well as security software for macOS and antimalware for Linux, will help us detect and block the threat before it is too late.