Tech News Hero
This trojan malware is being used to steal passwords and spread ransomware

by technewshero
December 2, 2019
in Security
Malware attacks on hospitals are on the rise
The healthcare industry stores some of the most sensitive personal information there can be about people: hackers know this and are looking to exploit what they view as an easy target.

A newly discovered hacking campaign by a ‘sophisticated cyber criminal operation’ is targeting healthcare and education organisations with custom-built, Python-based trojan malware that gives attackers almost complete control of Windows systems, including the ability to monitor user actions and steal sensitive data.

Malicious functions of the remote access trojan, dubbed PyXie RAT, include keylogging, credential harvesting, video recording, cookie theft, man-in-the-middle attacks and the deployment of other forms of malware onto infected systems.

All of this is achieved while clearing evidence of suspicious activity in an effort to ensure the malware isn’t discovered.

However, traces of the attacks have been found and detailed by cyber security researchers at Blackberry Cylance, who named the malware PyXie because of the way its compiled code uses a ‘.pyx’ file extension instead of the ‘.pyc’ typically associated with Python.
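Because the naming trick is only a file-extension swap, it can be hunted on disk: a genuine Cython .pyx file is text, whereas CPython bytecode renamed to .pyx still begins with the .pyc header. The script below is an added example, not BlackBerry Cylance's tooling or code from PyXie. It assumes the renamed bytecode keeps an unmodified CPython header (operators who also rewrite the header would evade it), and the sample files it writes are constructed for the demonstration.

```python
"""Hunt for CPython bytecode that has been renamed to a .pyx extension.

Added example, not code from BlackBerry Cylance or from PyXie itself.
Assumption: the renamed bytecode still carries an unmodified .pyc
header. If the operators also rewrite the header, this check misses
them and the marshal stream itself has to be inspected instead.
"""
import os
import tempfile
from typing import Dict


def classify_header(header: bytes) -> str:
    """Return 'pyc', 'suspicious' or 'text' for the first bytes of a file.

    CPython's .pyc magic is a 16-bit little-endian version stamp followed
    by b'\\r\\n'. Python 3 stamps lie in 3000..3999; two printable ASCII
    bytes can never encode a value in that range, so a Cython source file
    (text) cannot match by accident. Python 2 stamps (62xxx) are out of scope.
    """
    if len(header) < 4 or header[2:4] != b"\r\n":
        return "text"
    stamp = int.from_bytes(header[:2], "little")
    if not 3000 <= stamp < 4000:
        return "text"
    # After the 16-byte header (3.7+) or the 12-byte header (3.3-3.6) the
    # marshal stream starts with a code object: TYPE_CODE 'c' (0x63), or
    # 0xE3 when the FLAG_REF bit is set. Seeing it confirms a real module.
    markers = (0x63, 0xE3)
    if (len(header) > 16 and header[16] in markers) or (len(header) > 12 and header[12] in markers):
        return "pyc"
    return "suspicious"


def hunt_renamed_bytecode(root: str) -> Dict[str, str]:
    """Walk `root` and map each .pyx file whose header looks like bytecode to its verdict."""
    findings: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".pyx"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify_header(fh.read(32))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if verdict != "text":
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = verdict
    return findings


def build_constructed_samples(root: str) -> None:
    """Write constructed sample files (not real PyXie artefacts) under `root`."""
    magic = (3495).to_bytes(2, "little") + b"\r\n"  # CPython 3.11 stamp, chosen as a fixed example
    renamed = magic + b"\x00" * 12 + b"\xe3" + b"\x00" * 15  # pyc header + code-object marker
    lib = os.path.join(root, "game", "lib")
    os.makedirs(lib, exist_ok=True)
    with open(os.path.join(lib, "loader.pyx"), "wb") as fh:
        fh.write(renamed)  # bytecode hiding behind the .pyx extension
    with open(os.path.join(lib, "fastmath.pyx"), "wb") as fh:
        fh.write(b"# cython: language_level=3\r\ncdef int add(int a, int b):\r\n    return a + b\r\n")
    with open(os.path.join(lib, "compiled.pyc"), "wb") as fh:
        fh.write(renamed)  # honest extension: out of scope for this hunt


def demo() -> Dict[str, str]:
    """Build the constructed tree in a temporary directory and run the hunt over it."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_samples(root)
        return hunt_renamed_bytecode(root)


if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:10s} {path}")
```

Only `loader.pyx` is reported; the Cython source is ignored because its first four bytes are text, and the `.pyc` file is ignored because the hunt is about the extension swap, not about bytecode as such. A hit labelled `suspicious` rather than `pyc` means the magic matched but no code-object marker followed, which is worth a manual look but is weaker evidence.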

PyXie RAT has been active since at least 2018 and is highly customised, indicating that a lot of time and resources have gone into building it.

“The custom tooling and the fact it has remained under the radar this long definitely shows a level of obfuscation and stealth in line with a sophisticated cyber criminal operation,” Josh Lemos, VP of research and intelligence at Blackberry Cylance told ZDNet.

The malware is typically delivered through a sideloading technique that abuses legitimate applications to compromise victims. One such application uncovered by the researchers was a trojanized version of an open source game which, once downloaded, secretly installs the malicious payload and uses PowerShell to escalate privileges and gain persistence on the machine.
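One way to act on the "auditing, logging and monitoring" advice for this delivery chain is to score process-creation events for PowerShell started by a binary in a user-writable location with stealth or persistence switches. This is an added example, not detection content from BlackBerry Cylance: the event fields follow Sysmon Event ID 1 naming, the records are constructed, and the switch, path and registry-key patterns are generic hunting heuristics rather than indicators published for PyXie.

```python
"""Score process-creation events for PowerShell spawned by a sideloaded binary.

Added example, not detection content from BlackBerry Cylance. Field names
follow Sysmon Event ID 1 (Image, ParentImage, CommandLine); the events below
are constructed for illustration, not captured from a PyXie host. The switch
list, path list and persistence patterns are generic hunting heuristics, not
indicators published for this campaign.
"""
import re
from typing import Dict, List

# A parent living under a user profile, ProgramData or a temp folder is where
# a downloaded, trojanized application would run from (assumption, not a page fact).
USER_WRITABLE_PARENT = re.compile(r"\\(?:Users\\[^\\]+\\|ProgramData\\|Windows\\Temp\\)", re.I)

# Switches that hide the window, skip the profile or bypass the execution policy.
STEALTH_SWITCHES = re.compile(
    r"(?i)(?:^|\s)-(?:e(?:nc(?:odedcommand)?)?|w(?:indowstyle)?\s+hidden"
    r"|ep\s+bypass|executionpolicy\s+bypass|nop(?:rofile)?|noni(?:nteractive)?)\b"
)

# Command lines that install a Run key, a scheduled task or a Startup entry.
PERSISTENCE_WRITE = re.compile(
    r"(?i)CurrentVersion\\Run|schtasks(?:\.exe)?\s+/create|Register-ScheduledTask|\\Startup\\"
)


def score_event(ev: Dict[str, str]) -> List[str]:
    """Return the reasons this event is suspicious (empty for non-PowerShell images)."""
    if not ev["Image"].lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
        return []
    reasons: List[str] = []
    if USER_WRITABLE_PARENT.search(ev["ParentImage"]):
        reasons.append("parent runs from a user-writable path")
    if STEALTH_SWITCHES.search(ev["CommandLine"]):
        reasons.append("stealth or policy-bypass switches")
    if PERSISTENCE_WRITE.search(ev["CommandLine"]):
        reasons.append("writes a persistence location")
    return reasons


def hunt(events: List[Dict[str, str]], threshold: int = 2) -> List[Dict[str, object]]:
    """Keep events with at least `threshold` reasons; one reason alone is too noisy to alert on."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append({"parent": ev["ParentImage"], "command": ev["CommandLine"], "reasons": reasons})
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS: List[Dict[str, str]] = [  # constructed records, not real telemetry
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe"},                                   # interactive shell
    {"ParentImage": r"C:\Users\alice\Downloads\TetrisClone\tetris.exe", "Image": PS,
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand AAAAAAAAAAAAAAAA"},  # placeholder payload
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": 'powershell.exe -Command "Get-Date"'},               # admin one-liner
    {"ParentImage": r"C:\Users\alice\AppData\Local\Temp\setup.exe", "Image": PS,
     "CommandLine": r'powershell.exe -ep bypass -c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\alice\AppData\Local\Temp\upd.exe"'},
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -NoProfile -NonInteractive -File C:\ProgramData\Scripts\inventory.ps1"},  # scheduled admin script
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit["parent"], "->", "; ".join(hit["reasons"]))
```

The threshold is deliberate: `-NoProfile` on its own (the last record) is ordinary in scheduled administration scripts, so it stays below the bar, while the game binary and the temp-folder installer trip two and three rules respectively. For the sideloading case described above, the parent-path rule carries the signal; the switch list only raises confidence.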

A third stage of the multi-stage download sees PyXie RAT use something known in the code as ‘Cobalt Mode’, which connects to a command and control server and downloads the final payload.


This stage of the download takes advantage of Cobalt Strike, a legitimate penetration testing tool, to help install the malware. It’s a tactic often used by cyber criminal gangs, and one that makes attacks harder to attribute.

This particular downloader also has similarities with one used to download the Shifu banking trojan; however, it could simply be a case of criminals taking open source, or stolen, code and re-purposing it for their own ends.

“An advantage of utilizing a widely used tool such as Cobalt Strike is it makes attribution difficult since it is used by many different threat actors as well as legitimate pentesters. With the Shifu banking trojan similarities, it is unclear if it is the same actors or if someone else reused some of its code,” said Lemos.

Once the RAT is successfully installed on the target system, the attackers can move around the system and run commands as they please. In addition to its use for stealing usernames, passwords and any other information entered on the system, researchers note that there are cases of PyXie being used to deliver ransomware to compromised networks.

“This is a full-featured RAT that can be leveraged for a wide range of goals and the actors will have different motives depending on the target environment. The fact it has been used in conjunction with ransomware in a few environments indicates that the actors may be financially motivated, at least in those instances,” said Lemos.

The full extent of the PyXie RAT campaign still isn’t certain, but researchers have identified attacks against over 30 organisations, predominantly in the healthcare and education industries, with hundreds of machines believed to have been infected.

Aside from likely being a well-resourced cyber criminal group, it’s currently unknown exactly who is behind PyXie RAT, but the campaign is still thought to be active.

However, despite the sophisticated nature of the malware, researchers state that it can be protected against with standard cyber hygiene and enterprise security best practices: operating system and application patching, endpoint protection technology, auditing, logging and monitoring of endpoint and network activity, and auditing of credential use.

© 2020 Tech News Hero.