LTS Secure Warning: Vicious Python RAT “PyXie”, Steals Credentials and Spreads Ransomware

A hacking campaign, utilizing custom built, python based trojan “PyXie“, has been identified targeting healthcare & education organization. The trojan gives the attacker almost full control of the windows machine, allowing to monitor victims action & steal his sensitive data.


Technical Details

The malware is side loaded with legitimate apps to compromise victim machines. One such cases is with an open source games, which once downloaded and executed, installs the malicious payload secretly, using Powershell in order to escalate privileges & establish persistence.

Researchers have identified that in some cases, PyXie was being used to deliver ransomware on compromised network.



  • Logs user’s keystrokes.
  • Records videos & takes pictures from webcam.
  • Steal sensitive/confidential information like login credentials of banking sites, cookies, etc.
  • Perform network scans.
  • Upload & executing payloads on the infected machines.
  • Data exfiltration.


Recommended Actions

  • Try to avoid downloading and using any Freeware application.
  • Always update your anti-virus software with the latest releases.
  • Periodically run “full system scan” on your endpoints.
  • Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.
  • Isolate all of the compromised computers ASAP to prevent threats from spreading further inside your infrastructure.



LTS Secure Locations
  • Florida: 407-965-5509
    Los Angeles: 323-544-5013
    Mid West: 800 689 4506

  • Chicago/Midwest– 2406 Schumacher Drive, Mishawaka, IN, 46545

    201, Tower S4, Phase II, Cybercity, Magarpatta Township, Hadapsar, Pune-411013

Leave us a messages Leave us a messages

← Prev Step

Thanks for contacting us. We'll get back to you as soon as we can.

Please provide a valid name, email, and question.

Powered by LivelyChat
Powered by LivelyChat Delete History