- Jul 24, 2021
Cybersecurity analysts have recently discovered a malevolent new form of trojan malware called PyXie RAT. It’s a product of a sophisticated cybercriminal network that targets healthcare and educational organizations. The malware gives attackers significant control of Windows operating systems. It allows hackers not only to monitor activity but also steal data and make system changes.
Continue reading to learn more about the PyXie RAT trojan and how users can protect themselves from it and similar cyber threats.
What makes PyXie RAT so dangerous?
PyXie RAT is a remote access trojan. A Trojan or Trojan Horse is a type of malware disguised as a legitimate app, software, or download. Usually, cybercriminals use social engineering techniques to encourage unknowing users to execute Trojans on their systems. Once this occurs, hackers have significant control over user’s computers and networks.
PyXie RAT is a particularly dangerous Trojan. It operates via remote access. That means cybercriminals can attack nearly any machine connected to the internet. Some of its features include:
- cookie theft,
- recording video from webcams,
- data and credential harvesting,
- man-in-the-middle attacks.
Worse yet, PyXie Rat disguises any suspicious activity. Thus, it can go unnoticed for as long as possible. It is one of the main reasons why cybersecurity analysts don’t know the full scope of the attack yet. It may still be hiding its presence on a vast number of machines.
How do cybersecurity researchers know about it?
PyXie Rat has been active since 2018, possibly earlier. Yet, researchers at Blackberry Cylance recently published a report about it. That’s because the malware involves complex coding and high levels of stealth. They caused the attacks to go undiscovered despite the size and the danger this trojan poses.
They named the malware PyXie because it compiles codes using a “.pyx” extension instead of the “.pyc.” The latter is typically associated with Python coding language.
Researchers have also noted that PyXie can work in conjunction with other current attacks. These include Cobalt Strike, along with ransomware targeting the healthcare and education industries.
What does PyXie Rat mean for users?
Researchers are still not aware of the full scope of the Pyxie RAT campaign. So far, they’ve identified attacks in over 30 organizations, spanning hundreds of machines. Researchers do know that a well-organized cybercriminal network is behind the attack. But they have no idea who the attackers are. Finally, they’ve concluded the attack is still active and may continue to spread.
Enterprise users, particularly those in education and healthcare fields, should take special precautions to protect their networks and individual machines. This attack should also serve as yet another wake-up call for users. Everyone needs to be on the lookout for suspicious activity on their devices – both at home and at work.
Despite the complex nature of PyXie Rat, users can protect themselves against it. Standard digital hygiene and the best practices enterprise security can help to prevent PyXie Rat or at least do the damage control.
Protect against PyXie RAT
Everyone should practice “digital hygiene.” Here are some of the things you can do to protect yourself from malware like PyXie Rat:
- Patch and update operating systems and apps regularly
- Use robust, unique passwords containing a mixture of special characters, uppercase and lowercase letters, and numbers
- Securely store passwords in a password manager
- Use two-step verification whenever possible
- Auto-scan all devices such as USB drives plugged into a network
- Use a VPN anytime you’re connecting to the internet
- Encrypt files with a file encryption service
- Install a web application firewall
- Scan all files and links before downloading/clicking on them
- Enable privilege control
- Enable automatic antimalware scan and removal
- Keep up with the latest cybersecurity news
- Quickly respond to any suspected attack
It may seem like a lot. But once you get started with the best practices, they will become a habit, and you’ll be much safer as a result.
PyXie RAT: A threat to take seriously
The size of the PyXie RAT attack may be quite small. But the nature of the attack is something you shouldn’t take for granted. It shows how damaging targeted cyberattacks can be. Not only can they steal data, but they also implant malware and create a range of other threats to your cybersecurity.
After all, PyXie RAT isn’t unique. There are millions of other cyberattacks happening right now around the world.
Fortunately, you can protect yourself against PyXie RAT and other data breaches. Some of these cybersecurity practices you can start applying right now. Scan your devices for malware using the latest security software. Safeguard your internet connection and files with the best encryption software for Mac/Windows/Linux. Don’t forget about mobile operating systems either.
And be alert while downloading or clicking anything online.
Finally, stay informed about the latest cyber attacks. It’s much easier to prevent them from happening if you know what you are up against. PyXie Rat and other attacks are dangerous, but you have the tools to defend yourself. You only need to use them.