"Parallax RAT Used in Attacks Aimed At Cryptocurrency Entities"

Researchers from the cybersecurity company Uptycs warn of attacks against cryptocurrency organizations that use the Parallax Remote Access Trojan (RAT). The Parallax RAT has been spread via malvertising and phishing attacks since December 2019. The malware supports common RAT capabilities, including keylogging, capturing login credentials, file access, and remote control of compromised systems. The sample used in recent attacks applies injection techniques to conceal itself within legitimate processes and evade detection. After successfully injecting malicious code, threat actors are able to communicate with their victim via Windows Notepad. The first payload examined by the researchers is a 32-bit executable written in C++. The RAT is injected into a legitimate Microsoft pipanel.exe process using process hollowing. The malware gains persistence by creating a copy of itself in the Windows Startup folder. The second payload collects sensitive information from affected systems. This article continues to discuss the new wave of attacks against cryptocurrency entities, involving the use of the Parallax RAT for infiltration.

Security Affairs reports "Parallax RAT Used in Attacks Aimed At Cryptocurrency Entities"

Submitted by Anonymous on