Python Malware Targets Tatar-Language Users: TA866 Threat Actor Strikes Again
Researchers have discovered new Python malware targeting Tatar-speaking users. The malware captures screenshots on victims' systems and sends them to a remote server via FTP. The threat actor behind this campaign is the TA866 group, known for targeting Tatar language speakers. The attackers send phishing emails carrying a malicious RAR file that contains a video file and a Python-based executable disguised as an image file. Once executed, the malware fetches additional files from Dropbox and creates a scheduled task to execute the malicious code. TA866 is a well-organized, financially motivated threat actor that has previously targeted organizations in the US and Germany. The group uses custom hacking tools together with various post-exploitation tools, demonstrating its expertise in developing advanced malware.
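For defenders triaging an attachment like the one described above, the following added example (not code from the report or the researchers) flags extracted archive members that look like an executable posing as an image. The report does not say how the file is disguised, so the checks, the file names and the byte strings below are assumptions covering common disguises.

```python
# Extensions a user reads as "picture" vs. ones Windows will execute.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}
EXEC_EXTS = {"exe", "scr", "com", "pif"}
RTLO = "\u202e"  # right-to-left override, reverses part of the displayed name


def triage(name: str, head: bytes) -> list[str]:
    """Return the reasons an extracted member looks like a disguised executable."""
    reasons = []
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    is_pe = head[:2] == b"MZ"  # DOS/PE header magic

    if is_pe and ext in IMAGE_EXTS:
        reasons.append("PE content behind an image extension")
    if ext in EXEC_EXTS and len(parts) > 2 and parts[-2].strip() in IMAGE_EXTS:
        reasons.append("double extension (image.exe)")
    if RTLO in name:
        reasons.append("right-to-left override in file name")
    if ext in EXEC_EXTS and "  " in name:
        reasons.append("padding spaces hide the real extension")
    return reasons


def scan(members):
    """members: iterable of (file name, first bytes). Returns {name: reasons} for hits."""
    return {n: r for n, h in members if (r := triage(n, h))}


# Constructed sample: names and bytes are invented for illustration.
SAMPLE = [
    ("clip.mp4", b"\x00\x00\x00\x18ftypmp42"),
    ("photo.jpg", b"\xff\xd8\xff\xe0"),
    ("photo.jpg.exe", b"MZ\x90\x00"),
    ("scan.png", b"MZ\x90\x00"),
    ("holiday\u202egpj.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE).items():
        print(repr(name), "->", "; ".join(reasons))
```

Feed it the member names and leading bytes from a sandboxed extraction of the attachment; a hit is a reason to quarantine the message, not a verdict on the file.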