This trojan malware is being used to steal passwords and spread ransomware

A newly discovered hacking campaign by a 'sophisticated cyber criminal operation' is targeting healthcare and education organisations with custom-built, Python-based trojan malware which gives attackers almost complete control of Windows systems, with the ability to monitor actions and steal sensitive data.


Malicious functions of the remote access trojan, dubbed PyXie RAT, include keylogging, credential harvesting, recording video, cookie theft, the ability to perform man-in-the-middle attacks and the capability to deploy other forms of malware onto infected systems.


All of this is achieved while clearing evidence of suspicious activity in an effort to ensure the malware isn't discovered.


However, traces of the attacks have been found and detailed by cyber security researchers at Blackberry Cylance, who named the malware PyXie because of the way its compiled code uses a '.pyx' file extension instead of the '.pyc' typically associated with Python.
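The naming detail above points at a simple defensive check: a compiled CPython module is recognisable by its header, not by its file extension, so a scanner can flag bytecode that has been given an extension other than .pyc. The script below is an added example written for this page, not tooling from the researchers or from the malware; it relies on the fact that every CPython .pyc magic number ends in the bytes CR LF (the first two bytes vary by interpreter version), and it goes slightly beyond the article by flagging any non-.pyc extension, not only .pyx. The sample files it creates are constructed for the demonstration.

```python
"""Flag files that carry a CPython bytecode header but not the .pyc extension.

Added example for this page (not the researchers' or the malware's code).
Assumption: a file whose bytes 2-3 are CR LF is treated as a bytecode
candidate; this is a header-only heuristic and can produce false positives.
"""
import importlib.util
import os
import tempfile


def looks_like_pyc_header(header: bytes) -> bool:
    """True if the first four bytes match the CPython .pyc magic layout."""
    return len(header) >= 4 and header[2:4] == b"\r\n"


def scan_dir(root: str) -> list:
    """Return paths under root that look like bytecode but lack a .pyc extension."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    header = fh.read(4)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_like_pyc_header(header) and not name.lower().endswith(".pyc"):
                findings.append(path)
    return sorted(findings)


def build_sample_tree() -> str:
    """Create constructed sample files in a temp dir (not artifacts from the report)."""
    root = tempfile.mkdtemp(prefix="pyc_scan_demo_")
    magic = importlib.util.MAGIC_NUMBER  # the running interpreter's own magic number
    samples = {
        "module.pyc": magic + b"\x00" * 12,      # ordinary bytecode, expected extension
        "payload.pyx": magic + b"\x00" * 12,     # bytecode disguised under another extension
        "real_cython.pyx": b"cdef int x = 1\n",  # genuine Cython source, not bytecode
        "notes.txt": b"plain text\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root


def sample_findings() -> list:
    """Run the scanner over the constructed tree and return flagged file names."""
    root = build_sample_tree()
    return [os.path.basename(p) for p in scan_dir(root)]


if __name__ == "__main__":
    for hit in scan_dir(build_sample_tree()):
        print("bytecode with non-.pyc extension:", hit)
```

The check reads only four bytes per file, so it is cheap enough to run across a user profile or an application directory; a hit is a reason to look closer (a bytecode disassembler or a hash lookup), not proof of compromise, since any small text file that happens to start with two characters followed by CR LF will also match.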


PyXie RAT has been active since at least 2018 and is highly customised, indicating that a lot of time and resources have gone into building it.


"The custom tooling and the fact it has remained under the radar this long definitely shows a level of obfuscation and stealth in line with a sophisticated cyber criminal operation," Josh Lemos, VP of research and intelligence at Blackberry Cylance, told ZDNet.


The malware is typically delivered to victims by a sideloading technique which leverages legitimate applications to help compromise victims. One of these applications uncovered by researchers was a trojanized version of an open source game which, if downloaded, secretly installs the malicious payload, using PowerShell to escalate privileges ...
