CATEGORIES
home News

PyXie RAT Trojan Malware Steals Credentials, Keylogs, Records Videos On Target Windows PCs

by Shane McGlaunTuesday, December 03, 2019, 08:15 AM EDT
hacker hoodie
Researchers have sounded a warning bell at BlackBerry Cylance about a new trojan malware called PyXie RAT. The malware can perform all sorts of nefarious deeds, including keylogging, stealing login credentials, and recording videos. PyXie RAT can also distribute other attacks, including ransomware.

The newly discovered PyXie RAT campaign is being run by a sophisticated cyber-criminal operation that is targeting healthcare and education organizations. The malware is custom-built and Python-based. When a machine is infected with the software, it can control most Windows systems and allows the hacker to monitor data and steal sensitive data.

Other functions that the software can perform include cookie theft and man-in-the-middle attacks. One of the most worrisome capabilities is the ability to deploy different forms of malware on infected systems. PyXie RAT is also able to clear any evidence of its nefarious activity to prevent detection. Despite those attempts, traces of the attacks have been left behind and were discovered by Blackberry Cylance researchers. It was dubbed PyXie RAT because it uses a ".pyx" file extension instead of the ".pyc" extension typically associated with Python.

PyXie RAT has been active since at least 2018 and is highly customized, indicating lots of time and resources were applied to its development. The malware is typically delivered to victims using a sideloading technique that leverages legitimate apps to help compromise the target PC. One way that machines were infected that researchers discovered was a trojanized version of an open-source game.

When the game was installed, the PyXie RAT malware was also installed using PowerShell to escalate privileges and gain persistence on the machine. A third stage sees the malware leverage something called "Cobalt Mode" that connects to a command and control server to download the final payload. That mode also takes advantage of Cobal Strike, which is a legitimate penetration testing tool to help install the malware. PyXie RAT is said to be similar to the Shifu banking trojan, leaving it unclear if the same group operates them. In other trojan news, back in March, a Windows 10 trojan was targeting IoT core machines.

Tags:  Malware, trojan, Hack
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment