Parallax RAT Sets Aim at Cryptocurrency Organizations

Financial Services

Malicious phishing and spam emails are targeting cryptocurrency entities to distribute the Parallax remote access trojan (RAT). Uptycs' tracking of Parallax found the RAT to be active since December 2019, armed with capabilities to read login credentials, view files, gather keystrokes, and gain remote desktop control. Recent campaigns observed by the Uptycs Threat Research team involve a two-stage attack: the first payload employs process hollowing to embed the second payload within valid processes to achieve stealth, and adds itself to the startup folder to obtain persistence. The second payload, a 32-bit binary executable, proceeds to collect system and host data. The attackers can also leverage the malware to communicate with the victim using Notepad and instruct them to connect to a Telegram channel. Lastly, the RAT is able to power off or restart the compromised system and erase artifacts with a VBS script.
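
Host-level triage for the behaviours described above, as an added example that is not from Uptycs or the original article: it correlates a Startup-folder write, Notepad launched by a binary in a user-writable path, and a script host running a VBS file on the same host. The event fields, sample paths and the user-writable-path heuristic are assumptions, not indicators from the report; process hollowing is not covered because it needs memory or API telemetry.

```python
import re
from collections import defaultdict

STARTUP = re.compile(r"\\start menu\\programs\\startup\\", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)  # assumed heuristic
SCRIPT_HOST = re.compile(r"\\(wscript|cscript)\.exe$", re.I)

# Constructed sample telemetry; hosts, paths and file names are invented.
DROPPER = r"C:\Users\a\AppData\Local\Temp\invoice.exe"
EVENTS = [
    {"host": "ws-01", "type": "file_create", "image": DROPPER,
     "target": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.exe"},
    {"host": "ws-01", "type": "process_create", "parent": DROPPER,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"host": "ws-01", "type": "process_create", "parent": DROPPER,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\a\AppData\Local\Temp\c.vbs"'},
    # Installer writing a shortcut from Program Files: should not alert.
    {"host": "ws-02", "type": "file_create", "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vendor.lnk"},
]

def behaviours(ev):
    """Return the set of behaviours from the write-up that one event matches."""
    hits = set()
    image = ev.get("image", "")
    if ev["type"] == "file_create":
        # Persistence: a binary in a user-writable path writes into Startup.
        if STARTUP.search(ev.get("target", "")) and USER_WRITABLE.search(image):
            hits.add("startup_persistence")
    elif ev["type"] == "process_create":
        cmd = ev.get("cmdline", "")
        # Notepad used as a message channel: spawned by an untrusted parent.
        if image.lower().endswith("\\notepad.exe") and USER_WRITABLE.search(ev.get("parent", "")):
            hits.add("notepad_from_untrusted_parent")
        # Cleanup: script host running a .vbs that lives in a user-writable path.
        if SCRIPT_HOST.search(image) and re.search(r"\.vbs\b", cmd, re.I) and USER_WRITABLE.search(cmd):
            hits.add("vbs_from_user_path")
    return hits

def triage(events, threshold=2):
    """Group matches per host; report hosts showing >= threshold distinct behaviours."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= behaviours(ev)
    return {h: sorted(b) for h, b in per_host.items() if len(b) >= threshold}

if __name__ == "__main__":
    print(triage(EVENTS))
```

Requiring two or more distinct behaviours per host keeps a lone Startup-folder write or a single script launch from alerting on its own.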
