Pupy is a RAT that works on Windows, Linux, and Mac. Developers never stand still, and regardless of whether they are penetration testers or malware creators, new hacking tools always hit the market on a weekly basis.
Today we meet Pupy, a Remote Access Tool (RAT) launched past September and written entirely in Python code.
Pupy is cross-platform compatible, meaning it can run on all three major operating systems, and allows attackers a wide range of options when spying on their targets.
Pupy features a fileless operation mode
Despite support for all three OSs, Windows is where Pupy works best, the RAT featuring 100% in-memory functionality. This is achieved because the Pupy payload is compiled as a reflective DLL, loading an entire Python interpreter inside the target’s memory, and working without ever touching the hard drive’s disks.
This makes detection by classic antivirus solutions a little bit harder and gains more crucial times for any operator to exfiltrate data.
Pupy features a modular structure, allowing developers to deploy a basic wireframe on infected systems, and then load modules into memory as they are needed.
A diversified attack spectrum via Pupy’s modular makeup
Some of the functionality covered by these modules includes the ability to migrate into other processes running on the victim’s OS, running modules as background jobs, an interactive reverse shell, and auto-completion for commands and arguments.
Additionally, attackers can upload and download files from infected systems, they can take desktop screenshots, webcam screenshots, forward local ports, log mouse and keyboard inputs, and execute shell code.
All communications between the Pupy bots and the main server are done via SSL (by default), but four more other transport channels are also supported.
Since Pupy comes with its own Python interpreter, Pupy modules can be simple Python files or compiled Python C extensions. This makes writing Pupy files a whole lot easier, since Python is one of the most widespread and easier-to-learn programming languages around.
Pupy’s source code is available under the BSD license, on Github. By taking a quick look at the project’s milestones, expect future Pupy versions to be able to record microphone sounds, support more transport layers, record network traffic, and be more silent on *NIX machines.