  • Parallax RAT attacks cryptocurrency companies with sophisticated malware injection techniques

    Cryptocurrency organizations have become a new target in a malicious campaign distributing the Parallax remote access trojan (RAT). The malware "uses injection techniques to hide in legitimate processes, making it harder to detect," according to a new Uptycs report. "Once the Trojan has been successfully injected, the attackers can interact with their victim via Windows Notepad, which likely serves as a communication channel."

    Parallax RAT gives hackers remote access to compromised computers. It comes with features for uploading and downloading files, as well as recording keystrokes and screenshots.

    Parallax has been in use since early 2020 and has previously been delivered with COVID-19 themed lures. In February 2022, Proofpoint detailed a threat group codenamed TA2541 that targeted the aviation, aerospace, transportation, manufacturing and defense industries using various RAT variants, including Parallax.

    The Parallax payload is Visual C++ malware that uses the "Process Hollowing" method to inject Parallax into a legitimate Windows component called pipanel.exe. In addition to collecting system metadata, the malware can also access information stored on the clipboard and even remotely reboot or shut down the compromised machine.

    The attackers use public tools such as DNSdumpster to identify mail servers belonging to targeted companies from those companies' mail exchanger (MX) records, then send phishing emails containing the Parallax RAT malware to those servers.

    One notable aspect of the attacks is the use of the standard Notepad utility to initiate conversations with victims and redirect them to the criminals' Telegram channel. An analysis of this Telegram channel by Uptycs showed that the hackers are interested in cryptocurrency companies, such as investment firms, exchanges, and wallet service providers.
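
    For defenders, the behaviour described above (process hollowing into pipanel.exe, followed by Notepad being used to talk to the victim) can be triaged from Sysmon-style telemetry. The following is an added example, not code from Uptycs or from the original article; it uses Sysmon event IDs 1 (ProcessCreate), 3 (NetworkConnect) and 25 (ProcessTampering). The user-writable-parent heuristic, the assumption that Notepad appears as a child of pipanel.exe, and all sample events are constructed for illustration.

```python
from collections import defaultdict

TARGET = "pipanel.exe"  # host process named in the article
# Assumption: a parent running from a user-writable path is suspicious.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")

def base(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]

def triage(events):
    """Map each flagged pipanel.exe PID to the sorted rule names it matched."""
    hits = defaultdict(set)
    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "")
        parent = ev.get("ParentImage", "")
        if eid == 25 and base(image) == TARGET and ev.get("Type") == "Image is replaced":
            hits[ev["ProcessId"]].add("image-replaced")  # Sysmon's hollowing signal
        elif eid == 1 and base(image) == TARGET:
            if any(p in parent.lower() for p in USER_WRITABLE):
                hits[ev["ProcessId"]].add("parent-in-user-path")
        elif eid == 1 and base(parent) == TARGET and base(image) == "notepad.exe":
            hits[ev["ParentProcessId"]].add("spawned-notepad")  # assumed lineage
        elif eid == 3 and base(image) == TARGET:
            hits[ev["ProcessId"]].add("network-connection")
    return {pid: sorted(rules) for pid, rules in hits.items()}

def severity(rules):
    """Image replacement alone is high; with corroboration it is critical."""
    if "image-replaced" in rules:
        return "critical" if len(rules) > 1 else "high"
    return "medium" if len(rules) > 1 else "low"

PIPANEL = r"C:\Windows\System32\pipanel.exe"
# Constructed sample events (field names follow Sysmon; values are invented).
SAMPLE = [
    {"EventID": 1, "Image": PIPANEL, "ProcessId": 4120,
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.exe", "ParentProcessId": 3980},
    {"EventID": 25, "Image": PIPANEL, "ProcessId": 4120, "Type": "Image is replaced"},
    {"EventID": 3, "Image": PIPANEL, "ProcessId": 4120, "DestinationIp": "203.0.113.10"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 5000,
     "ParentImage": PIPANEL, "ParentProcessId": 4120},
    {"EventID": 1, "Image": PIPANEL, "ProcessId": 6100,
     "ParentImage": r"C:\Windows\explorer.exe", "ParentProcessId": 900},
]

if __name__ == "__main__":
    for pid, rules in triage(SAMPLE).items():
        print(pid, severity(rules), rules)
```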

    “One of the reasons Telegram is attractive to cybercriminals is its supposed built-in encryption and the ability to create channels and large private groups. These features make it difficult for law enforcement and security researchers to track criminal activity on the platform. In addition, cybercriminals often use coded language and alternate spellings to communicate on Telegram, making their conversations even more difficult to decipher,” reads a comprehensive KELA analysis published last month.
    Author DeepWeb