Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware

This tool, originally open-sourced on GitHub in 2022, has only recently gained traction among threat actors, leveraging Python to deploy various malicious payloads directly into memory without leaving traditional forensic traces on compromised systems. Most alarmingly, the tool has been connected to several ransomware operations including Rhysida, Vice Society, and BlackCat, suggesting it has become a preferred component in sophisticated attack chains. Intrinsec researchers identified a concerning pattern of IP addresses associated with Eye Pyramid command and control servers, many of which are hosted on notorious bulletproof hosting providers including Limenet, Aeza, and Railnet. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Analysis of server configurations revealed consistent patterns across multiple threat actors, suggesting either shared tooling or potential collaboration among different ransomware groups. The infrastructure clustering analysis points to Eye Pyramid becoming an increasingly standardized component in the cybercriminal ecosystem, with its Python-based flexibility allowing for rapid adaptation to evade detection mechanisms. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cybersecurity experts have identified a sophisticated hacking tool called “Eye Pyramid” being actively deployed in malicious campaigns since mid-January 2025. The Eye Pyramid tool functions as a versatile backdoor, allowing attackers to maintain persistence within compromised networks while deploying additional offensive tools. A breakthrough in understanding Eye Pyramid’s operational structure came when Intrinsec’s team discovered a specific JSON file serving as the default error response for Eye Pyramid servers. These providers are known for their lax policies regarding illicit activities, providing threat actors with resilient infrastructure resistant to takedown efforts. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. Further investigation revealed Eye Pyramid’s deployment in conjunction with established malware families, including Cobalt Strike, Sliver, and Rhadamanthys.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 02 May 2025 09:55:15 +0000

Cyber News related to Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware

Hackers Using New Eye Pyramid Tool to Leverage Python & Deploy Malware - This tool, originally open-sourced on GitHub in 2022, has only recently gained traction among threat actors, leveraging Python to deploy various malicious payloads directly into memory without leaving traditional forensic traces on compromised ...
1 month ago Cybersecuritynews.com Rhysida

Python 2 EOL: Coping with Legacy System Challenges - Python 2.7 was the last major version in the 2.x series of this software language, which was launched on July 3, 2010 and was officially maintained and supported until January 1, 2020. At that point, when the Python 2 EOL phase began, the legacy ...
1 year ago Securityboulevard.com

CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago

CVE-2023-40587 - Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is ...
1 year ago

Hackers Using Pyramid Pentesting Tool For Stealthy C2 Communications - As open-source offensive security tools continue to advance, tracking similar implementations will provide early warnings of new infrastructure and refine detection methodologies. Pyramid, first released on GitHub in 2023, is a Python-based ...
4 months ago Cybersecuritynews.com

How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
1 year ago Pandasecurity.com

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

Dakota Eye Institute Files Notice of Data Breach Affecting More Than 107k Individuals - On October 23, 2023, the Dakota Eye Institute filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that patients' personal information was compromised following a cyberattack. ...
1 year ago Jdsupra.com

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com