Cryptocurrency Companies Face New Threats from Parallax RAT
A new campaign is targeting cryptocurrency companies with a remote access trojan called Parallax RAT. According to a report from Uptycs, cryptocurrency investment firms, wallet service providers, and exchanges have been initially targeted with Visual C++ malware as the primary payload. This malware uses process hollowing, in which a legitimate process is started and its code is replaced with the malicious payload, to inject Parallax RAT into a legitimate Windows component called pipanel.exe.
Parallax RAT gives attackers remote access to victim machines. It can upload and download files, record keystrokes, and capture screenshots. The researchers observed that Parallax RAT can not only collect system metadata, but also access clipboard data and reboot or shut down remote machines. The attackers have also used Notepad to open conversations with their targets, instructing them to communicate via their Telegram channel.
A KELA analysis observed that cybercriminals are increasingly utilizing Telegram, likely due to the platform’s purported encryption capability and its ability to create channels. KELA stated that these features make it difficult for law enforcement and security researchers to keep an eye on and trace criminal activity on the platform. In addition, cybercriminals often use coded language and alternative spellings in their conversations on Telegram, making it even more difficult to interpret their messages.
It is essential for cryptocurrency companies to be aware of the latest threats posed by Parallax RAT and other cybercriminals. Companies should ensure that their systems are properly secured and that their staff is trained to recognize suspicious activity or communications. In addition, companies should keep an eye out for new malware variants as attackers continue to find new ways to exploit vulnerabilities. With the right security measures in place, cryptocurrency companies can protect themselves from these malicious activities.
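As a defensive illustration of the process hollowing into pipanel.exe described above, the following added example (not from Uptycs or the original article) correlates Sysmon-style events per process to surface a suspicious pipanel.exe instance. The events, paths, GUIDs and IP addresses are constructed samples, and the heuristics (a parent running from a user-writable path, any outbound connection from pipanel.exe) are assumptions to tune for your environment.

```python
# Added example: correlate Sysmon-style events to surface a hollowed pipanel.exe.
# All events below are constructed samples; paths, GUIDs and IPs are placeholders.
import ntpath

TARGET = "pipanel.exe"
# Assumption: a parent image under these paths is unusual for a system component.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

EVENTS = [  # Sysmon event IDs: 1=ProcessCreate, 3=NetworkConnect, 25=ProcessTampering
    {"EventID": 1, "ProcessGuid": "{A-1}", "Image": r"C:\Windows\System32\pipanel.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice_viewer.exe"},
    {"EventID": 25, "ProcessGuid": "{A-1}", "Image": r"C:\Windows\System32\pipanel.exe",
     "Type": "Image is replaced"},
    {"EventID": 3, "ProcessGuid": "{A-1}", "Image": r"C:\Windows\System32\pipanel.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{B-2}", "Image": r"C:\Windows\System32\pipanel.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "ProcessGuid": "{C-3}", "Image": r"C:\Program Files\App\updater.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

def is_target(image):
    # ntpath handles backslash-separated Windows paths on any host OS.
    return ntpath.basename(image).lower() == TARGET

def hollowing_findings(events):
    """Return {ProcessGuid: sorted reasons} for suspicious pipanel.exe instances."""
    findings = {}
    for ev in events:
        if not is_target(ev.get("Image", "")):
            continue
        reasons = findings.setdefault(ev["ProcessGuid"], set())
        if ev["EventID"] == 1:
            parent = ev.get("ParentImage", "").lower()
            if any(p in parent for p in USER_WRITABLE):
                reasons.add("parent_in_user_writable_path")
        elif ev["EventID"] == 25:
            # Sysmon reports in-memory image replacement as ProcessTampering.
            reasons.add("image_tampering:" + ev.get("Type", "unknown"))
        elif ev["EventID"] == 3:
            # Assumption: pipanel.exe is not expected to initiate connections.
            reasons.add("outbound_connection:" + ev["DestinationIp"])
    # Keep only process instances that triggered at least one heuristic.
    return {guid: sorted(r) for guid, r in findings.items() if r}

if __name__ == "__main__":
    for guid, reasons in hollowing_findings(EVENTS).items():
        print(guid, reasons)
```
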