Security News > 2023 > March > Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques
Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT. The malware "Uses injection techniques to hide within legitimate processes, making it difficult to detect," Uptycs said in a new report.
Parallax RAT grants attackers remote access to victim machines.
In February 2022, Proofpoint detailed a cybercrime threat actor dubbed TA2541 targeting aviation, aerospace, transportation, manufacturing, and defense industries using different RATs, including Parallax.
The first payload is a Visual C++ malware that employs the process hollowing technique to inject Parallax RAT into a legitimate Windows component called pipanel.
Parallax RAT, besides gathering system metadata, is also capable of accessing data stored in the clipboard and even remotely rebooting or shutting down the compromised machine.
The modus operandi entails searching public sources like DNSdumpster for identifying mail servers belonging to the targeted companies via their mail exchanger records and sending phishing emails bearing the Parallax RAT malware.
News URL
https://thehackernews.com/2023/03/parallax-rat-targeting-cryptocurrency.html