PyXie RAT Description
The PyXie RAT is a threat that was first uncovered in 2018. At its core, it is a RAT (Remote Access Trojan) written in the Python programming language. When malware researchers first spotted the PyXie RAT, the threat was not spread very widely. Its operators have since expanded their reach, however, and cybersecurity experts have spotted several variants of the threat lurking on the Web. Upon dissecting the PyXie RAT, experts concluded that its authors are highly skilled and experienced, as the threat is a very high-end Remote Access Trojan. The creators of the PyXie RAT borrowed code from a couple of infamous hacking tools and took care to make their creation difficult to study and analyze.
Packs a Threatening Downloader Module
The operators have added corrupted code to legitimate DLL files from Google and LogMeIn. The authors of the PyXie RAT have also compromised a Tetris application and are using it to launch modules of the Cobalt Strike toolset. The creators of the PyXie RAT may have been inspired by the authors of the Shifu banking Trojan, as both appear to use a very similar downloader module. Once the PyXie RAT compromises a host, it places its files in a few %APPDATA% subfolders. The threat also makes sure it gains persistence by tampering with the Windows Registry. The authors of the PyXie RAT have obfuscated the source code of the threat so that dissecting it is a far more difficult task. The downloader module mentioned previously is named ‘Cobalt Mode’ and can plant additional malware on the host by fetching the payload from the attackers’ C&C (Command & Control) server, decrypting it, and executing it.
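To show the persistence behaviour described above from a defender's side, here is an added example (not code from the original page or from any PyXie analysis) that flags Windows Run-key entries whose command line loads a file from under %APPDATA%, the location the threat is described as using. The registry values, the user name and every path below are constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# values (value name -> command line). Illustrative only, not indicators
# taken from a real PyXie sample.
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r'"C:\Users\alice\AppData\Roaming\Sys\update.exe" -q',
    "Helper": r"rundll32.exe %APPDATA%\Google\helper.dll,Entry",
    "Steam": r'"C:\Program Files (x86)\Steam\steam.exe" -silent',
}
# Hypothetical environment; on a live host read os.environ instead.
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming"}

_ENV_REF = re.compile(r"%([^%]+)%")
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted string or bare word


def expand_env(cmd: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references; unknown variables are left untouched."""
    return _ENV_REF.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), cmd)


def paths_under(cmd: str, root: str, env: Dict[str, str]) -> List[str]:
    """Return command-line tokens that resolve to files beneath root."""
    root_l = root.rstrip("\\").lower() + "\\"
    hits = []
    for m in _TOKEN.finditer(expand_env(cmd, env)):
        tok = m.group(1) if m.group(1) is not None else m.group(2)
        # rundll32 takes "<dll>,<export>"; keep only the DLL path.
        tok = re.split(r"(?<=\.dll),", tok, maxsplit=1, flags=re.I)[0]
        if tok.lower().startswith(root_l):
            hits.append(tok)
    return hits


def flag_appdata_autoruns(run_values: Dict[str, str],
                          env: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (value name, path) for Run entries that load from %APPDATA%."""
    flagged = []
    for name, cmd in run_values.items():
        hits = paths_under(cmd, env["APPDATA"], env)
        if hits:
            flagged.append((name, hits[0]))
    return flagged


if __name__ == "__main__":
    for name, path in flag_appdata_autoruns(SAMPLE_RUN_VALUES, SAMPLE_ENV):
        print(f"suspicious autorun {name!r} -> {path}")
```

A hit only means the autorun points into a user-writable profile folder; the file itself still needs to be examined, since some legitimate installers use the same location.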
Apart from its ability to plant additional malware on the infected machine, the PyXie RAT is also capable of:
- Launching a keylogger and collecting keystrokes, which are then transferred to the attackers’ C&C server.
- Recording video via the user's webcam.
- Initiating a remote desktop connection.
- Collecting files from any removable storage devices that may be plugged in.
- Collecting login credentials from FTP clients as well as Web browsers.
- Gathering session data from Discord, Steam, Telegram, and other communication applications.
- Injecting custom websites that may be utilized in phishing operations.
The PyXie RAT is definitely a threat one should be wary of. This high-end hacking tool is capable of wreaking havoc and collecting a lot of information. If you want to protect your data and your system from this pest, make sure to download and install a reputable anti-virus software solution.