Meet Pupy, a Brand New In-Memory Remote Access Tool (RAT)

Pupy is a RAT that works on Windows, Linux, and Mac. Developers never stand still, and regardless of whether they are penetration testers or malware creators, new hacking tools always hit the market on a weekly basis.

Today we meet Pupy, a Remote Access Tool (RAT) launched this past September and written entirely in Python.

Pupy is cross-platform compatible, meaning it can run on all three major operating systems, and allows attackers a wide range of options when spying on their targets.

Pupy features a fileless operation mode

Despite support for all three OSs, Windows is where Pupy works best: there the RAT runs entirely in memory. The Pupy payload is compiled as a reflective DLL that loads an entire Python interpreter into the target's memory and runs without ever touching the disk.

This makes detection by classic antivirus solutions a little harder and buys the operator more time to exfiltrate data.
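The in-memory loading described above still leaves a footprint a defender can look for: a reflectively loaded DLL is copied into memory by its loader stub rather than mapped from a file, so it sits in executable private memory with no backing path on disk, often with a PE header at its base and, in this case, the strings of an embedded CPython interpreter. The following is an added example of that triage heuristic; it is not code from the original article or from the Pupy project. The region records are constructed, the `Region` field names are assumptions, and on a live Windows host the records would come from `VirtualQueryEx` and `GetMappedFileNameW`, which are omitted so the logic runs offline on any OS.

```python
"""Heuristic triage of a process memory map for a reflectively loaded DLL.

Added example, not code from the original article or from the Pupy project.
The region records below are constructed; on a live Windows host they would
come from VirtualQueryEx and GetMappedFileNameW (omitted here so the logic
runs offline). Field names are assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Page protections that allow execution (Windows constant names).
EXECUTABLE_PROTECTIONS = {
    "PAGE_EXECUTE",
    "PAGE_EXECUTE_READ",
    "PAGE_EXECUTE_READWRITE",
    "PAGE_EXECUTE_WRITECOPY",
}

# Strings an embedded CPython interpreter carries (real CPython names).
PYTHON_MARKERS = (b"Py_Initialize", b"python27.dll", b"PyImport_ImportModule")


@dataclass
class Region:
    base: int
    size: int
    protect: str                # e.g. "PAGE_EXECUTE_READWRITE"
    mem_type: str               # "MEM_IMAGE", "MEM_MAPPED" or "MEM_PRIVATE"
    mapped_file: Optional[str]  # backing file path, None if none
    data: bytes                 # region contents (constructed sample)


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def assess_region(region: Region) -> List[str]:
    """Return the reasons a region is suspicious; an empty list means benign."""
    if region.protect not in EXECUTABLE_PROTECTIONS:
        return []                      # non-executable memory is out of scope
    if region.mem_type == "MEM_IMAGE" and region.mapped_file:
        return []                      # a normally loaded, file-backed module
    reasons = []
    if region.mem_type == "MEM_PRIVATE":
        reasons.append("executable private memory")
    if region.mapped_file is None:
        reasons.append("no backing file on disk")
    if looks_like_pe(region.data):
        reasons.append("PE header outside an image mapping")
    if region.protect == "PAGE_EXECUTE_READWRITE":
        reasons.append("writable and executable")
    found = [m.decode() for m in PYTHON_MARKERS if m in region.data]
    if found:
        reasons.append("embedded interpreter strings: " + ", ".join(found))
    return reasons


def scan(regions: List[Region]) -> List[Tuple[int, List[str]]]:
    """Pair each suspicious region's base address with its reasons."""
    findings = []
    for region in regions:
        reasons = assess_region(region)
        if reasons:
            findings.append((region.base, reasons))
    return findings


def fake_pe_image(extra: bytes = b"") -> bytes:
    """Constructed minimal DOS+PE header: 'MZ', e_lfanew = 0x40, 'PE\\0\\0'."""
    return b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00" + extra


# Constructed memory map, not taken from a real host.
SAMPLE_REGIONS = [
    # Normal file-backed system DLL: ignored.
    Region(0x7FF800000000, 0x1F0000, "PAGE_EXECUTE_READ", "MEM_IMAGE",
           r"C:\Windows\System32\ntdll.dll", fake_pe_image()),
    # Ordinary heap: not executable, ignored.
    Region(0x1E000000, 0x100000, "PAGE_READWRITE", "MEM_PRIVATE",
           None, b"\x00" * 64),
    # Reflectively loaded DLL carrying a Python interpreter.
    Region(0x1E400000, 0x400000, "PAGE_EXECUTE_READWRITE", "MEM_PRIVATE",
           None, fake_pe_image(b"\x00" * 32 + b"Py_Initialize\x00python27.dll\x00")),
    # Unbacked executable code without a PE header (JIT-like): weaker signal.
    Region(0x1E900000, 0x10000, "PAGE_EXECUTE_READ", "MEM_PRIVATE",
           None, b"\x55\x48\x89\xe5" * 16),
]

if __name__ == "__main__":
    for base, reasons in scan(SAMPLE_REGIONS):
        print(hex(base), "->", "; ".join(reasons))
```

The region without a PE header is still reported, with fewer reasons, because legitimate JIT engines also produce unbacked executable memory; the extra indicators (PE header, RWX protection, interpreter strings) are what separate an in-memory DLL from that background noise.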

Pupy features a modular structure, allowing operators to deploy a basic skeleton on infected systems and then load modules into memory as they are needed.

A diversified attack spectrum via Pupy’s modular makeup

Some of the functionality covered by these modules includes the ability to migrate into other processes running on the victim's OS, run modules as background jobs, open an interactive reverse shell, and auto-complete commands and arguments.

Additionally, attackers can upload files to and download files from infected systems, take desktop screenshots and webcam captures, forward local ports, log mouse and keyboard input, and execute shellcode.

All communications between the Pupy bots and the main server go over SSL by default, but four other transport channels are also supported.

Since Pupy ships its own Python interpreter, Pupy modules can be plain Python files or compiled Python C extensions. This makes writing Pupy modules a whole lot easier, since Python is one of the most widespread and easiest-to-learn programming languages around.

Pupy's source code is available under the BSD license on GitHub. A quick look at the project's milestones suggests that future Pupy versions will be able to record microphone audio, support more transport layers, record network traffic, and be quieter on *NIX machines.

List available modules (the list is not up to date)
