A newly discovered RAT called PyXie is being used to spread ransomware and steal account credentials. This malware has been active for a year and is causing an enormous amount of havoc.
PyXie RAT is being used to Steal Credentials and spread Ransomware
The newly discovered Remote Access Tool called PyXie was found by a team at BlackBerry Cylance. This custom-built tool is being used against healthcare and education companies to steal sensitive data and drop ransomware.
The PyXie RAT is Python-based and can work as a keylogger and credential harvester. It can also record video, steal cookies, perform man-in-the-middle attacks, and deploy other forms of malware onto infected systems.
The malware is typically spread by sideloading. It has many stages, one of which is a "Cobalt Mode", in which the malware uses Cobalt Strike, a security vulnerability testing tool which uses the Metasploit framework, to download its final payload.
This malware can be used for various purposes depending on the scenario and can adapt to it with ease. It has some similarities with some old malicious exploits, and according to the researchers, the threat actors behind this malware have put a lot of time into developing and modifying it.
It is not yet known how many companies are affected by this RAT; only 30 organisations were marked as infected.