Cryptocurrency Firms Under Attack by Parallax RAT Malware
A new campaign is targeting cryptocurrency companies with a remote access trojan known as Parallax RAT. Attackers have been using the malware to gain access to systems and data of cryptocurrency firms to carry out malicious activities.
The Parallax RAT grants attackers remote access to victim machines, allowing them to upload and download files, record keystrokes, capture the screen, access data stored in the clipboard, and even remotely reboot or shut down the compromised machine.[0] Attackers have been using Notepad to initiate negotiations with their victims, who are then ordered to interact on the attackers' Telegram channel.[1]
The initial payload is a piece of Visual C++ malware that employs the process hollowing technique to inject Parallax RAT into a legitimate Windows component called pipanel.exe.[1] Cryptocurrency investment firms, wallet service providers, and exchanges were the initial targets of this malware.
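A defender-side illustration of the hollowing behaviour described above, added here and not taken from the cited reports: it scans Sysmon-style process-creation (ID 1) and network-connection (ID 3) records for pipanel.exe instances that look like injection hosts. The two heuristics (a parent running from a user-writable path, and any outbound connection from pipanel.exe) are assumptions, and every event, path, GUID and address in the sample is constructed.

```python
import ntpath

TARGET = "pipanel.exe"  # hollowing target named in the article
# Assumption: a loader delivered to a user typically runs from a user-writable path.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Constructed events; field names follow Sysmon (ID 1 = process create, ID 3 = network connect).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{guid-1}",
     "Image": r"C:\Program Files\Common Files\microsoft shared\ink\pipanel.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessGuid": "{guid-2}",
     "Image": r"C:\Program Files\Common Files\microsoft shared\ink\pipanel.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice_viewer.exe"},
    {"EventID": 3, "ProcessGuid": "{guid-2}",
     "Image": r"C:\Program Files\Common Files\microsoft shared\ink\pipanel.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 3, "ProcessGuid": "{guid-3}",
     "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

def is_target(image):
    # ntpath parses Windows paths correctly on any analysis host.
    return ntpath.basename(image).lower() == TARGET

def find_suspicious(events):
    """Return {ProcessGuid: [reasons]} for pipanel.exe instances worth triaging."""
    findings = {}
    for ev in events:
        if not is_target(ev.get("Image", "")):
            continue
        guid = ev["ProcessGuid"]
        if ev["EventID"] == 1:
            parent = ev.get("ParentImage", "")
            if any(p in parent.lower() for p in USER_WRITABLE):
                findings.setdefault(guid, []).append(
                    "parent in user-writable path: " + parent)
        elif ev["EventID"] == 3:
            # Assumption: pipanel.exe has no normal need for outbound connections.
            findings.setdefault(guid, []).append(
                "outbound connection to %s:%s" % (ev["DestinationIp"], ev["DestinationPort"]))
    return findings

if __name__ == "__main__":
    for guid, reasons in find_suspicious(SAMPLE_EVENTS).items():
        print(guid, "->", "; ".join(reasons))
```

Correlating on ProcessGuid rather than the image name keeps the two signals tied to the same process instance, so a benign pipanel.exe started by explorer.exe is not flagged.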
The Parallax RAT attack is yet another example of how cybercriminals are using Telegram to their advantage. The platform’s claims of built-in encryption and its capability to create channels and large, private groups make it difficult for law enforcement and security researchers to monitor and track criminal activity on the platform.[1] Moreover, cybercriminals regularly employ coded language and alternative spellings to communicate through Telegram, making their conversations even more difficult to follow.[1]
These attacks highlight the importance of vigilance when dealing with cryptocurrency firms and other investments. Companies should take the necessary steps to ensure that their systems and data are secure and that their employees are aware of the risks. With those precautions in place, companies can protect themselves from these types of attacks.
0. “Parallax RAT Targeting Cryptocurrency Firms with Sophisticated …” thehackernews.com, 11 Mar. 2023, https://thehackernews.com/2023/03/parallax-rat-targeting-cryptocurrency.html
1. “Cryptocurrency firms subjected to Parallax RAT attacks | SC Media” www.scmagazine.com, 11 Mar. 2023, https://www.scmagazine.com/brief/cybercrime/cryptocurrency-firms-subjected-to-parallax-rat-attacks