Palo Alto Networks Unit 42 cybersecurity experts: The malware group claims to be part of the well-known firm, but there is no indication of any relationship.
Cisco Talos: the Necro Python malware is evolving. The bot has new features, ranging from different C2 communications to exploits for spreading
The Necro Python malware is evolving and adding new features. This was discovered by Cisco Talos cybersecurity experts. The changes range from different command and control (C2) communications to the addition of new exploits for spreading, most notably for vulnerabilities in VMware vSphere, SCO OpenServer and Vesta Control Panel, plus SMB-based exploits that were not present in earlier iterations of the code. The infection starts with successful exploitation of a vulnerability in one of the targeted applications or operating systems. The bot targets both Linux-based and Windows operating systems. A Java-based downloader is also used for the initial infection stage. The malware uses a combination of a standalone Python interpreter and a malicious script, as well as ELF executables created with PyInstaller.
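For defenders triaging the PyInstaller-built ELF executables mentioned above, the following added example (not code from the Cisco Talos report or from this page) checks whether a file is an ELF binary carrying a PyInstaller archive and reads the bundled Python version from the archive cookie. The cookie layout is an assumption based on PyInstaller's CArchive format in recent releases; the function names and the sample bytes are constructed for illustration.

```python
import struct

ELF_MAGIC = b"\x7fELF"
PYI_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"    # CArchive cookie magic (assumed layout below)
COOKIE_FMT = "!8sIIii64s"                 # magic, pkg len, TOC offset, TOC len, pyvers, libpython
COOKIE_LEN = struct.calcsize(COOKIE_FMT)  # 88 bytes


def pyinstaller_elf_info(data: bytes):
    """Return cookie fields if data is an ELF carrying a PyInstaller archive, else None."""
    if not data.startswith(ELF_MAGIC):
        return None
    pos = data.rfind(PYI_MAGIC)           # the cookie closes the embedded archive
    while pos != -1:
        raw = data[pos:pos + COOKIE_LEN]
        if len(raw) == COOKIE_LEN:
            _, pkg_len, toc_off, toc_len, pyvers, lib = struct.unpack(COOKIE_FMT, raw)
            start = pos + COOKIE_LEN - pkg_len
            # Sanity checks reject chance matches of the 8 magic bytes.
            if (COOKIE_LEN <= pkg_len and start >= 0 and toc_len >= 0
                    and toc_off + toc_len <= pkg_len and pyvers > 0):
                # pyvers is 39 for 3.9 and 310 for 3.10.
                major, minor = divmod(pyvers, 100 if pyvers >= 100 else 10)
                return {
                    "archive_offset": start,
                    "archive_length": pkg_len,
                    "python": f"{major}.{minor}",
                    "libpython": lib.rstrip(b"\x00").decode("ascii", "replace"),
                }
        pos = data.rfind(PYI_MAGIC, 0, pos)  # try an earlier occurrence
    return None


def constructed_sample() -> bytes:
    """Constructed test bytes: fake ELF header, dummy archive body, TOC and cookie."""
    body, toc = b"\x00" * 32, b"\x00" * 16
    pkg_len = len(body) + len(toc) + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, PYI_MAGIC, pkg_len, len(body), len(toc),
                         39, b"libpython3.9.so.1.0")
    return ELF_MAGIC + b"\x00" * 60 + body + toc + cookie


if __name__ == "__main__":
    print(pyinstaller_elf_info(constructed_sample()))
```

A hit only shows that the binary was packed with PyInstaller, which legitimate software also uses; treat it as a reason to unpack and inspect the bundled script, not as a verdict.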
How the malicious code works according to the cybersecurity experts