Hello, welcome to the Thursday, July 21st, 2020 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Xavier wrote about an interesting, malicious Python script.

He compares it to rubber ducky.

If you're not familiar to rubber ducky.

If you're not familiar with Robert Ducky, it's a USB stick that simulates a keyboard.

Robert Ducky can be programmed to send keystrokes to a victim's system and then executing malicious script.

So you would plug it in claiming it to be a memory stick,

but it will actually then execute malicious code.

Similarly, this Python script uses an auto-Gui library intent to automate interactions with graphical user interfaces.

The script Xavier found uses this module to simulate the command

R keystroke to launch command.exe, terminal, and will then send keystrokes for a PowerShe

one-liner to command.exe to connect to a server, awaiting additional commands.

Of course, this works, and question always is,

why would an attacker go through trouble to write a script like this?

Most likely they're trying to obfuscate the code,

so it's not really going to get detected by anti-malver

and the low virus total

score that this script has appears to validate that decision so far.

And Apple today released its usual surprise update for all of its operating systems. Apple, of course,

doesn't have a scheduled patch day and also

...