Crypto Companies Under Attack: New Campaign Delivers Parallax RAT Malware
Parallax RAT Campaign Targets Cryptocurrency Companies
Cryptocurrency companies are the latest target of a malicious campaign that delivers a remote access trojan (RAT) called Parallax RAT. According to a report by Uptycs, the malware uses injection techniques to hide within legitimate processes, making it difficult to detect. Once successfully injected, attackers can interact with their victim via Windows Notepad, which likely serves as a communication channel. The Parallax RAT enables attackers to remotely access victim machines, with features to upload and download files as well as record keystrokes and screen captures.
The Parallax RAT malware has been in use since early 2020 and was previously delivered via COVID-19-themed lures. In February 2022, Proofpoint detailed a cybercrime threat actor named TA2541 that was targeting several industries using different RATs, including Parallax. The first payload is a Visual C++ malware that employs the process hollowing technique to inject Parallax RAT into a legitimate Windows component called pipanel.exe.
The Use of Notepad Utility in Parallax RAT Attacks Reveals Interest in Crypto Companies
Besides gathering system metadata, the Parallax RAT can access data stored in the clipboard and even remotely reboot or shut down the compromised machine. One notable aspect of the attacks is the use of the Notepad utility to initiate conversations with the victims and instruct them to connect to an actor-controlled Telegram channel. Uptycs’ analysis of the Telegram chat reveals that the threat actor has an interest in crypto companies such as investment firms, exchanges, and wallet service providers.
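Two behaviours described above give a defender something concrete to hunt for: the loader process-hollowing Parallax into pipanel.exe, and Notepad being launched from that hollowed process to talk to the victim. The following is an added example (not from the Uptycs report or the article) that runs two such heuristics over constructed, simplified Sysmon-style process-creation events; the file paths, the user-writable directory list and the rule names are assumptions for illustration.

```python
import re
from collections import namedtuple

# Simplified Sysmon Event ID 1 (process creation) records, reduced to the two
# fields the rules need. Every line here is constructed sample data.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\explorer.exe Image=C:\\Users\\alice\\Downloads\\invoice_q1.exe",
    "ParentImage=C:\\Users\\alice\\Downloads\\invoice_q1.exe Image=C:\\Program Files\\Common Files\\microsoft shared\\ink\\pipanel.exe",
    "ParentImage=C:\\Program Files\\Common Files\\microsoft shared\\ink\\pipanel.exe Image=C:\\Windows\\System32\\notepad.exe",
    "ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\notepad.exe",
    "ParentImage=C:\\Windows\\System32\\svchost.exe Image=C:\\Program Files\\Common Files\\microsoft shared\\ink\\pipanel.exe",
]

Alert = namedtuple("Alert", "rule event")

# Directories an unprivileged user can write to; a phishing-delivered loader
# usually runs from one of these. Assumed list, extend it for your own estate.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Downloads|AppData|Desktop)\\|\\Temp\\", re.IGNORECASE
)

def parse_event(line):
    """Split one record into parent and child image paths (values may contain spaces)."""
    m = re.match(r"ParentImage=(?P<parent>.*?) Image=(?P<image>.*)$", line)
    if not m:
        raise ValueError(f"unparsable event: {line!r}")
    return {k: v.strip() for k, v in m.groupdict().items()}

def basename(path):
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def detect(lines):
    """Return one Alert per rule match, in event order."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        parent, image = basename(ev["parent"]), basename(ev["image"])
        # Rule 1: the hollowing host (pipanel.exe) started by a binary living in a
        # user-writable directory, i.e. the dropper rather than a system parent.
        if image == "pipanel.exe" and USER_WRITABLE.search(ev["parent"]):
            alerts.append(Alert("pipanel_from_user_writable_parent", line))
        # Rule 2: Notepad spawned by pipanel.exe, the operator chat-window pattern.
        if image == "notepad.exe" and parent == "pipanel.exe":
            alerts.append(Alert("notepad_child_of_pipanel", line))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert.rule, "<-", alert.event)
```

Rule 1 will also fire on legitimate software that happens to start pipanel.exe from a user profile, so treat it as a hunting lead and pair it with the image-load or memory-region telemetry your EDR exposes for hollowed processes.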
The modus operandi of the attack involves searching public sources such as DNSdumpster to identify mail servers belonging to the targeted companies via their mail exchanger (MX) records, then sending phishing emails carrying the Parallax RAT malware. Telegram is increasingly becoming a hub for criminal activity, enabling threat actors to organize their operations, distribute malware, and facilitate the sale of stolen data and other illegal goods, in part owing to the platform's lax moderation efforts.
Telegram Becoming a Hub for Cybercriminal Activity
KELA disclosed in an exhaustive analysis published last month that one reason why Telegram is attractive to cybercriminals is its alleged built-in encryption and the ability to create channels and large, private groups.
These features make it difficult for law enforcement and security researchers to monitor and track criminal activity on the platform. In addition, cybercriminals often use coded language and alternative spellings to communicate on Telegram, making it even more challenging to decipher their conversations.
Source: thehackernews.com