
A newly discovered trojan targets organisations in health care and education. It is a tailor-made, Python-based trojan that gives attackers control over Windows systems, allowing them to direct actions on infected machines and steal sensitive data.

The trojan, called PyXie RAT, gives attackers remote access. Its capabilities include keylogging, data collection, video recording, cookie theft, man-in-the-middle attacks, and the deployment of other forms of malware on infected systems, among other things.

Research by BlackBerry Cylance

In addition, the trojan can erase evidence of suspicious activity so that the malware is not discovered. However, traces of the attacks have been found by cyber security researchers at BlackBerry Cylance, who coined the name PyXie. The name comes from the way the code uses a ‘.pyx’ file extension instead of the ‘.pyc’ extension, which is usually associated with Python.

According to ZDNet, PyXie RAT has been active since 2018 and is custom-made, indicating that a lot of time and money have been spent on building the trojan.

Sideloading technique

The malware usually reaches victims through a sideloading technique, in which legitimate applications are used to infect them. One of these applications, discovered by researchers, was a trojanized version of an open-source game that installs the malicious payload using PowerShell.

Once the malware is successfully installed on the target system, the attackers can move around the system and execute certain commands. In addition to stealing usernames, passwords, and other information, researchers note that there are also cases where PyXie is used to distribute ransomware in certain networks.