AridViper: the Windows Trojan Now Infects macOS and Linux

Windows, being the most widely used operating system at home and in business, is the main target of attackers: writing malware for it pays off far better than writing it for, say, macOS or Linux. However, cross-platform malware that can infect macOS and Linux just as well is becoming increasingly common, and one of the newcomers causing problems for all kinds of users, whatever their operating system, is AridViper.

AridViper is a Trojan written in Python, created by a group of attackers with the aim of infecting Windows systems. It is distributed through a binary that installs the Python dependencies the malware needs on the victim's system and then configures the Trojan to persist.


The malware has been claiming victims across the Internet worldwide since 2011, although Spain has not been among its main targets. Now, however, the group behind it appears to want to go one step further and run a new campaign globally, and no longer just against Windows.

What does the AridViper Trojan do

This malware is modular: it starts from a mostly harmless base program to which features are added on demand through a command-and-control (C2) server. According to the researchers who have been tracking it, some of the functions this threat can carry out are:

  • Send victim files to the server.
  • Download and run payloads.
  • Steal browser credentials.
  • Take screenshots.
  • Record keystrokes.
  • Compress RAR files with the stolen information.
  • List running processes and terminate them.
  • Delete files.
  • Restart the computer.
  • Collect information from Outlook.
  • Capture information from connected USB devices.
  • Record audio.
  • Execute commands.

Certainly a complete threat. In addition, judging by the code of one of the latest variants put into circulation, it is no longer going to be limited to Windows: the attackers are distributing builds of this malware specifically designed to infect Linux and macOS systems. This is all the more worrying because these operating systems, being less exposed to malware, usually run without an antivirus, which makes the threat harder both to detect and to remove.
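The article says the dropper installs Python dependencies and configures the Trojan to persist, but it does not name the persistence mechanism. As an added example (not code from the article or from the researchers it cites), the following Python script shows a defender-side triage check that fits a Python-based Trojan on any of the three platforms: it parses three common autostart sources (a crontab, a macOS launchd plist and a Windows Run-key value), flags every entry that launches a Python interpreter, and notes whether the interpreter or the script lives in a user-writable path. The autostart locations, the helper names and every sample entry are assumptions constructed for this example.

```python
"""Triage autostart entries that launch a Python interpreter.

Added example; not the article's or the malware's code. The autostart
sources, the path heuristics and all sample entries below are assumptions
constructed for the example.
"""
import plistlib
import re
import shlex
from dataclasses import dataclass
from pathlib import PurePosixPath, PureWindowsPath
from typing import Optional

# Executable names that are a Python interpreter: python, python3, python3.11,
# pythonw.exe, ...  (assumed naming, covers the usual installs).
INTERPRETER_RE = re.compile(r"^pythonw?(?:\d+(?:\.\d+)?)?(?:\.exe)?$", re.IGNORECASE)

# Path fragments an unprivileged user (or malware running as that user) can
# write to. An interpreter or script living here deserves a closer look.
USER_WRITABLE_HINTS = ("/tmp/", "/var/tmp/", "/home/", "/Users/",
                       "\\AppData\\", "\\Temp\\", "\\Users\\")


@dataclass
class Finding:
    source: str          # which autostart mechanism the entry came from
    command: str         # the full command line as configured
    interpreter: str     # path of the Python interpreter being launched
    script: str          # first non-flag argument, normally the script
    user_writable: bool  # interpreter or script sits in a user-writable path


def tokenize(command: str) -> list[str]:
    """Split a command line; Windows lines keep their backslashes intact."""
    windows = "\\" in command
    return [t.strip('"') for t in shlex.split(command, posix=not windows)]


def basename(path: str) -> str:
    return PureWindowsPath(path).name if "\\" in path else PurePosixPath(path).name


def triage(source: str, command: str) -> Optional[Finding]:
    """Return a Finding if the command starts a Python interpreter, else None."""
    tokens = tokenize(command)
    if not tokens or not INTERPRETER_RE.match(basename(tokens[0])):
        return None
    script = next((t for t in tokens[1:] if not t.startswith("-")), "")
    writable = any(h in tokens[0] or h in script for h in USER_WRITABLE_HINTS)
    return Finding(source, command, tokens[0], script, writable)


def cron_commands(crontab: str) -> list[str]:
    """Extract the command part of each crontab line (@reboot or 5-field)."""
    commands = []
    for line in crontab.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):
            commands.append(line.split(None, 1)[1])
        else:
            fields = line.split(None, 5)
            if len(fields) == 6:
                commands.append(fields[5])
    return commands


def launchd_command(plist_bytes: bytes) -> str:
    """Rebuild the command line from a launchd plist (ProgramArguments/Program)."""
    plist = plistlib.loads(plist_bytes)
    if "ProgramArguments" in plist:
        return " ".join(shlex.quote(a) for a in plist["ProgramArguments"])
    return plist.get("Program", "")


def scan(crontab: str, launchd: dict[str, bytes], run_key: dict[str, str]) -> list[Finding]:
    """Run triage over all three autostart sources and collect the hits."""
    candidates = [("crontab", c) for c in cron_commands(crontab)]
    candidates += [(f"launchd:{label}", launchd_command(data)) for label, data in launchd.items()]
    candidates += [(f"HKCU Run:{name}", cmd) for name, cmd in run_key.items()]
    return [f for f in (triage(src, cmd) for src, cmd in candidates) if f]


# Constructed sample data: one benign and one interpreter-launching entry per source.
SAMPLE_CRONTAB = """# constructed sample crontab
0 3 * * * /usr/bin/find /var/log -mtime +30 -delete
@reboot /usr/bin/python3 /home/alice/.cache/.upd/main.py
"""
SAMPLE_LAUNCHD = {"com.example.updater": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/Application Support/.py/bin/python3</string>
    <string>/Users/alice/Library/Application Support/.py/run.py</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>
"""}
SAMPLE_RUN_KEY = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "SystemUpdate": r'"C:\Users\alice\AppData\Roaming\Python\pythonw.exe" "C:\Users\alice\AppData\Roaming\Python\sys.py"',
}

if __name__ == "__main__":
    for f in scan(SAMPLE_CRONTAB, SAMPLE_LAUNCHD, SAMPLE_RUN_KEY):
        flag = "USER-WRITABLE" if f.user_writable else "system path"
        print(f"[{f.source}] {f.interpreter} -> {f.script} ({flag})")
```

On a real host the three constants would be replaced by the user's crontab, the plists under the LaunchAgents directories and the Run-key values; the triage logic stays the same. Launching an interpreter at startup is not malicious by itself, so treat a hit as a lead to verify (who installed the script, when, and what it connects to), with the user-writable flag as the priority signal.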

How to protect ourselves

As security experts warn, this malware is under very active development, and that is a problem in itself. Its authors keep writing new modules that can be pushed to any infected machine from the remote server, along with new techniques to make it more persistent and harder to detect.

The way to protect ourselves from this malware is the same as always. We must be careful with the websites we visit and never run files downloaded from the Internet or received by email without checking them first. An antivirus on Windows, security software on macOS and an anti-malware tool on Linux will help us detect and block the threat before it is too late.