    Parallax RAT attacks cryptocurrency companies with sophisticated malware injection techniques

    Cryptocurrency organizations are the latest targets of a malicious campaign distributing the Parallax RAT remote access trojan. The malware “uses injection techniques to hide in legitimate processes, making it harder to detect,” according to a new Uptycs report. “Once the Trojan has been successfully injected, the attackers can interact with their victim via Windows Notepad, which likely serves as a communication channel.”

    Parallax RAT gives attackers remote access to compromised computers. Its features include uploading and downloading files, logging keystrokes and capturing screenshots.

    Parallax has been in use since early 2020 and was previously delivered with COVID-19 themed lures. In February 2022, Proofpoint detailed a group codenamed TA2541 that targeted the aviation, aerospace, transportation, manufacturing and defense industries using various RAT variants, including Parallax.

    The Parallax payload is Visual C++ malware that uses process hollowing to inject itself into a legitimate Windows component called pipanel.exe. In addition to collecting system metadata, the malware can access data stored on the clipboard and remotely reboot or shut down the compromised machine.
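
    An added detection example, not taken from the Uptycs report: it correlates Sysmon process-creation (Event ID 1) and ProcessTampering (Event ID 25) records to flag a pipanel.exe instance that was started from an unexpected parent and then had its image replaced, which is what process hollowing looks like in that telemetry. The sample events, the trusted-directory list and the function names are assumptions made for the example.

```python
import ntpath

TARGET = "pipanel.exe"  # hollowing host named in the article
# Assumption: parents under these directories are treated as expected.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PIPANEL = r"C:\Program Files\Common Files\microsoft shared\ink\pipanel.exe"

# Constructed Sysmon-style events (EventID 1 = process creation,
# EventID 25 = ProcessTampering); GUIDs and paths are made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{constructed-1}", "Image": PIPANEL,
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"EventID": 25, "ProcessGuid": "{constructed-1}", "Image": PIPANEL,
     "Type": "Image is replaced"},
    {"EventID": 1, "ProcessGuid": "{constructed-2}", "Image": PIPANEL,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 25, "ProcessGuid": "{constructed-3}",
     "Image": r"C:\Program Files\App\updater.exe", "Type": "Image is locked for access"},
]

def find_hollowing_signals(events, target=TARGET):
    """Return (guid, signal, parent) tuples for events that touch `target`."""
    parents, signals = {}, []
    for ev in events:
        if ntpath.basename(ev.get("Image", "")).lower() != target:
            continue
        guid = ev["ProcessGuid"]  # keyed on ProcessGuid because PIDs get reused
        if ev["EventID"] == 1:
            parent = parents[guid] = ev.get("ParentImage", "")
            if not parent.lower().startswith(TRUSTED_DIRS):
                signals.append((guid, "untrusted-parent", parent))
        elif ev["EventID"] == 25 and ev.get("Type") == "Image is replaced":
            signals.append((guid, "image-replaced", parents.get(guid, "unknown")))
    return signals

def triage(signals):
    """High when both signals hit the same process, medium for a single signal."""
    kinds = {}
    for guid, kind, _ in signals:
        kinds.setdefault(guid, set()).add(kind)
    return {g: "high" if len(k) == 2 else "medium" for g, k in kinds.items()}

if __name__ == "__main__":
    for guid, level in triage(find_hollowing_signals(SAMPLE_EVENTS)).items():
        print(guid, level)
```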

    The attackers use public tools such as DNSdumpster to identify mail servers belonging to targeted companies through those companies' mail exchanger (MX) records, then send phishing emails carrying the Parallax RAT malware to them.

    One notable aspect of the attacks is the use of the standard Notepad utility to start conversations with victims and direct them to the criminals' Telegram channel. An analysis of this Telegram channel by Uptycs showed that the attackers are interested in cryptocurrency companies such as investment firms, exchanges and wallet service providers.

    “One of the reasons Telegram is attractive to cybercriminals is its supposed built-in encryption and the ability to create channels and large private groups. These features make it difficult for law enforcement and security researchers to track criminal activity on the platform. In addition, cybercriminals often use coded language and alternate spellings to communicate on Telegram, making their conversations even more difficult to decipher,” reads a comprehensive KELA analysis published last month.
    Author DeepWeb