The Parallax RAT (Remote Access Trojan) is a threat sold on underground hacking forums and various other platforms, so any cyber crook willing to pay the price can get hold of this nasty Trojan. The authors of the Parallax RAT have made sure that their creation is accessible to everyone by offering different plans and subscriptions. Naturally, the more a buyer pays, the more functionality is unlocked. The creators of the Parallax RAT also claim to release free regular updates, which makes the offer even more tempting for some cyber crooks. They further claim that their creation operates so silently that it is undetectable by anti-virus tools. This is certainly not true: reputable anti-malware applications are able to spot the threatening activity of the Parallax RAT.
Distributed via Fake Emails Regarding the Coronavirus Outbreak
It would appear that some of the cyber crooks distributing the Parallax RAT are using spam emails as an infection vector. According to reports, the emails in question concern the Coronavirus epidemic that has been making headlines recently. The fake emails contain an attachment called ‘new infected CORONAVIRUS sky 03.02.2020.pif’. The attached file is meant to trigger the execution of the Parallax RAT on the compromised system. However, it is likely that different cyber crooks distributing the Parallax RAT use countless other propagation methods. Avoid opening files attached to emails from unknown sources, as this is one of the most common infection vectors used to spread malware.
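The following is an added example, not part of the original write-up: a mail-gateway style check that flags attachments whose final extension is directly executable on Windows, such as the `.pif` file named above. The extension lists, function names and the sample message are assumptions constructed for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed lists for this example; not exhaustive. ".pif" is the extension named above.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}

def classify(filename):
    """Return a reason string if the attachment name is risky, else None."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXTS:
        return None
    inner = stem.rpartition(".")
    if inner[1] and "." + inner[2] in DECOY_EXTS:
        return f"double extension .{inner[2]}.{ext}"
    return f"executable extension .{ext}"

def risky_attachments(raw_bytes):
    """Parse a raw RFC 5322 message and list (filename, reason) for risky parts."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also reaches parts nested in forwarded mail
        filename = part.get_filename()
        reason = classify(filename) if filename else None
        if reason:
            findings.append((filename, reason))
    return findings

def build_sample():
    """Constructed test message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for name in ("new infected CORONAVIRUS sky 03.02.2020.pif",
                 "invoice.pdf.scr", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in risky_attachments(build_sample()):
        print(f"QUARANTINE {filename!r}: {reason}")
```

A filename check of this kind only covers the delivery method described here; it does not inspect file content, so it complements rather than replaces anti-malware scanning.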
By modifying the Windows Registry and applying some changes to the Windows Task Scheduler, the Parallax RAT gains persistence on the infected system, so it is executed every time the victims restart their systems. The Parallax RAT then connects to its operators’ C&C (Command & Control) server and waits for commands on how to proceed with the attack. The Parallax RAT can:
- Execute remote commands.
- Initialize a remote desktop connection.
- Browse files present on the system.
- Download files or folders.
- Upload and run files on the compromised host.
- Run an infostealer feature that would collect login credentials, personal information, etc.
It would appear that the Parallax RAT can target systems running Windows, namely all versions between XP and 10. We recommend that you consider obtaining a legitimate anti-virus application that will keep your system secure from threats like the Parallax RAT.