LTS Secure Warning: Vicious Python RAT “PyXie”, Steals Credentials and Spreads Ransomware

A hacking campaign using a custom-built, Python-based trojan, “PyXie”, has been identified targeting healthcare and education organizations. The trojan gives the attacker almost full control of the Windows machine, allowing the attacker to monitor the victim's actions and steal sensitive data.


Technical Details

The malware is side-loaded alongside legitimate applications to compromise victim machines. One such case involves an open-source game which, once downloaded and executed, silently installs the malicious payload, using PowerShell to escalate privileges and establish persistence.

Researchers have identified that in some cases PyXie was used to deliver ransomware on compromised networks.
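As an added defender-side example (not from the advisory or its authors), the Python triage sketch below flags the delivery shape described above: a PowerShell process spawned by a binary running from a user-writable location, combined with hidden, encoded, persistence or elevation traits on its command line. The log format, field names and sample events are constructed assumptions, not real telemetry.

```python
import re

# Constructed process-creation records in a Sysmon Event ID 1 style
# (key=value fields separated by '|'); sample data, not real telemetry.
SAMPLE_EVENTS = [
    "ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe Get-Process",
    "ParentImage=C:\\Users\\alice\\Downloads\\FreeGame\\game.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgA",
    "ParentImage=C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe"
    "|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|CommandLine=powershell.exe schtasks /create /sc onlogon /tn Updater /tr C:\\Users\\bob\\AppData\\Roaming\\u.exe",
    "ParentImage=C:\\Program Files\\Vendor\\svc.exe|Image=C:\\Windows\\System32\\svchost.exe|CommandLine=svchost.exe -k netsvcs",
]

# Parent binaries running from user-writable paths (downloaded games, installers).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData|Desktop)\\|\\ProgramData\\|\\Temp\\", re.I)
# Command-line traits of hidden execution, persistence and elevation.
INDICATORS = {
    "encoded_command": re.compile(r"-e(c|nc|ncodedcommand)?\s", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "scheduled_task": re.compile(r"schtasks\s+/create", re.I),
    "run_key": re.compile(r"CurrentVersion\\Run", re.I),
    "elevation": re.compile(r"-Verb\s+RunAs", re.I),
}

def parse_event(line):
    """Split one 'key=value|key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))

def assess(event):
    """Return the indicator names hit, or [] if the event looks benign."""
    child = event["Image"].rsplit("\\", 1)[-1].lower()
    if child not in ("powershell.exe", "pwsh.exe"):
        return []
    hits = []
    if USER_WRITABLE.search(event["ParentImage"]):
        hits.append("parent_in_user_writable_path")
    hits += [name for name, rx in INDICATORS.items() if rx.search(event["CommandLine"])]
    # Require the side-loading shape (untrusted parent) plus at least one command-line trait.
    return hits if "parent_in_user_writable_path" in hits and len(hits) > 1 else []

def triage(lines):
    """Map each suspicious line index to the indicators it triggered."""
    findings = {}
    for i, line in enumerate(lines):
        hits = assess(parse_event(line))
        if hits:
            findings[i] = hits
    return findings
```

Benign administrative PowerShell launched from explorer.exe (event 0) is not flagged; only the combination of an untrusted parent and a suspicious command line is.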


Impact

  • Logs the user’s keystrokes.
  • Records video and takes pictures from the webcam.
  • Steals sensitive/confidential information such as login credentials for banking sites, cookies, etc.
  • Performs network scans.
  • Uploads and executes payloads on the infected machines.
  • Exfiltrates data.


Recommended Actions

  • Avoid downloading and using freeware applications.
  • Always update your anti-virus software to the latest release.
  • Periodically run a “full system scan” on your endpoints.
  • Configure Firewall/IDS/IPS/Endpoint Protection systems properly so that no gaps are left open.
  • Isolate all compromised computers as soon as possible to prevent the threat from spreading further inside your infrastructure.