A Remote Access Trojan (RAT) dubbed PyXie RAT was reported by researchers at BlackBerry Cylance to have multiple capabilities, including stealing passwords, monitoring actions on the infected system and spreading additional malware. It also uses the open-source SharpHound collector (the data-gathering component of BloodHound) to enumerate Active Directory (AD) information. Although PyXie RAT has been observed in the wild since 2018, it had not received much attention from the security community, or been given a name, until now. The RAT is delivered through a trojanized open-source Tetris game that disguises its malicious content and loads the RAT and Cobalt Strike stagers. The full extent of the campaign is still not certain: Cylance’s team has identified attacks against over 30 organizations, primarily in the education and healthcare sectors.
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is