Cryptocurrency firms subjected to Parallax RAT attacks

Attacks deploying the Parallax RAT malware have been deployed against cryptocurrency companies, The Hacker News reports. Cryptocurrency investment firms, wallet service providers, and exchanges have been initially targeted with a Visual C++ malware as initial payload, which leverages process hollowing to facilitate Parallax RAT injection into the pipanel.exe component of Windows without being easily detected, according to a report from Uptycs. Researchers noted that Parallax RAT does not only enable system metadata collection but also clipboard data access and remote machine reboots and shutdowns. Meanwhile, attackers have been using Notepad to initiate negotiations with their victims, who are then ordered to interact on their Telegram channel. More cybercriminals have been leveraging Telegram due to the platform's claims of built-in encryption, as well as its channel creation capability, a KELA analysis noted. "These features make it difficult for law enforcement and security researchers to monitor and track criminal activity on the platform. In addition, cybercriminals often use coded language and alternative spellings to communicate on Telegram, making it even more challenging to decipher their conversations," said KELA.