The Parallax RAT operators set eyes on cryptocurrency firms

March 13, 2023

Security experts warn cryptocurrency platforms about a new campaign delivering the Parallax remote access trojan (RAT) to infiltrate networks, collect files, record keystrokes, and take screenshots. This RAT was first seen in 2020, delivered via COVID-19 lures, and has targeted sectors including aerospace, manufacturing, transportation, and defence.

Intriguingly, in this campaign the threat operators use the Windows Notepad app to communicate with their victims. The RAT also uses process injection to hide its activity inside legitimate processes, helping it evade detection.

The researchers detailed the techniques and processes employed by the Parallax RAT operators.

A domain research tool such as DNSdumpster is heavily used in this campaign: the operators use it to find the targeted firms' mail servers through their mail exchanger (MX) records. Phishing emails are then sent to the collected addresses, and these emails deliver the Parallax RAT.

Once inside a compromised host, an initial payload (a Visual C++ malware) starts a process-hollowing procedure that injects the RAT into the Windows component “pipanel[.]exe.” Parallax then begins collecting the machine’s system metadata, clipboard data, and other data it intends to exfiltrate.

It can also reboot or shut down the machine if needed.

The threat operators’ use of the Notepad app to communicate with victims revealed that they instruct victims to connect to a Telegram channel owned by the attackers. That Telegram channel exposes the attackers’ focus on cryptocurrency firms and wallet service providers.
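The two host-side behaviours described above (the RAT hollowed into pipanel[.]exe, and Notepad used to surface the operators' message) can be turned into simple process-creation heuristics. The following is an added example, not code from the original article or from the researchers it cites; it assumes telemetry is available as pipe-delimited key=value lines with ParentImage, Image and User fields, that the dropper runs from a user-writable path (the article does not name the dropper, so "invoice.exe" is a placeholder), and that Notepad is launched by the injected pipanel.exe process, which is my assumption about how the message is shown.

```python
# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\notepad.exe|User=CORP\alice",
    r"ParentImage=C:\Users\alice\AppData\Local\Temp\invoice.exe|Image=C:\Windows\System32\pipanel.exe|User=CORP\alice",
    r"ParentImage=C:\Windows\System32\pipanel.exe|Image=C:\Windows\System32\notepad.exe|User=CORP\alice",
    r"ParentImage=C:\Windows\System32\svchost.exe|Image=C:\Windows\System32\pipanel.exe|User=NT AUTHORITY\SYSTEM",
]

# Directory markers a standard user can write to; a parent binary living here
# is a plausible mail-attachment dropper rather than an installed component.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")


def parse_event(line: str) -> dict:
    """Split one 'key=value|key=value' record into a dict (values kept verbatim)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def evaluate(event: dict) -> list:
    """Return the names of the heuristics an event trips (empty list = no hit)."""
    parent = event.get("ParentImage", "")
    image = event.get("Image", "")
    hits = []
    # Heuristic 1 (assumed): pipanel.exe, the hollowing host named in the
    # article, started by a binary in a user-writable directory.
    if basename(image) == "pipanel.exe" and any(m in parent.lower() for m in USER_WRITABLE_MARKERS):
        hits.append("pipanel_from_user_writable_parent")
    # Heuristic 2 (assumed): Notepad started by pipanel.exe, matching the
    # operator-to-victim message channel the article describes.
    if basename(image) == "notepad.exe" and basename(parent) == "pipanel.exe":
        hits.append("notepad_spawned_by_pipanel")
    return hits


def scan(lines: list) -> list:
    """Return (event_index, heuristic_name) pairs for every hit across the log."""
    findings = []
    for idx, line in enumerate(lines):
        for name in evaluate(parse_event(line)):
            findings.append((idx, name))
    return findings


if __name__ == "__main__":
    for idx, name in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {name}")
```

Only the second and third sample events trip a heuristic; Notepad launched from explorer.exe and pipanel.exe launched from System32 are left alone, which is the point of keying on the parent rather than on the image name alone.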

Researchers claim that Telegram has been a popular hub for cybercriminals because of its built-in chat encryption and ability to establish large and private channels. These private chat hubs help threat actors organise operations, spread malware copies, communicate with victims, and sell or leak stolen data to other cybercriminal groups while hiding well from authorities.

To stay safe from the Parallax RAT, security professionals recommend refraining from downloading attachments sent through email by unknown sources. Users must also avoid installing pirated tools and software on their computers, since most of them conceal malware strains.
