A newly discovered Windows trojan linked to the AridViper threat group, dubbed PyMICROPSIA, shows signs that it might be used to infect computers running Linux and macOS as well.


The new trojan, dubbed PyMICROPSIA by Unit 42, was discovered while investigating AridViper activity (also tracked as Desert Falcon and APT-C-23), a group of Arabic speaking cyberspies focusing their attacks on Middle Eastern targets since at least 2011.

AridViper operates mainly out of Palestine, Egypt, and Turkey, and the number of victims they compromised exceeded 3,000 in 2015 [PDF], according to the Global Research and Analysis Team (GReAT) at Kaspersky Lab.