Researchers at BlackBerry Cylance have reported a Remote Access Trojan (RAT), dubbed PyXie RAT, with multiple capabilities, including stealing passwords, monitoring actions on the infected system, and spreading malware. It also uses the open-source project SharpHound to gather Active Directory (AD) information. Although PyXie RAT has been observed in the wild since 2018, it had not received much attention from the security community or been named until now. This RAT uses an open-source Tetris game to disguise its malicious content, loading the RAT and Cobalt Strike stagers. The full extent of this campaign is still not certain. Cylance's team has identified attacks against over 30 organizations, primarily in the educational and healthcare fields.