According to the security researcher MalwareHunterTeam, a remote access Trojan called Parallax RAT is being distributed through malicious spam campaigns. Once installed on a victim's machine, the RAT gives the attackers complete control of the infected system.
Since December 2019, the researcher has been monitoring Parallax RAT samples as they have appeared on VirusTotal and other related services.
The Parallax RAT is for sale on hacking forums
The hackers behind Parallax promote the product, saying it is 99% reliable and suitable for both professionals and beginners.
The Parallax RAT has been developed by a hacking team whose goal was to create the best tool for remote management.
“Parallax RAT will provide you with everything you need. Suitable for both professionals and beginners. First of all, we offer 99% stability in terms of stability. The Parallax RAT was designed to offer the user a truly multilevel performance and fast speed with minimal resource consumption. We are a team of developers and we are here to offer quality services,” says the team behind the Parallax RAT.
Attackers can purchase a RAT license for one month for just $65 or for three months for $175.
What does Parallax RAT promise?
- Theft of credentials
- Remote desktop capabilities
- Uploading and downloading files
- Run remote commands on the infected computer
- Encrypted links
- Support for Windows XP through Windows 10
The hackers also claim that the software is able to bypass Windows Defender, Avast, AVG, Avira, Eset and BitDefender. However, this is probably not the case, since the RAT has been detected.
Malicious distribution emails
If the victim opens the malicious attachment, the infection process begins by exploiting the Microsoft Office Equation Editor vulnerability (CVE-2017-11882). If content is enabled, malicious macros are run to install the RAT.
The hackers use a variety of methods: they either use intermediate loaders or install Parallax RAT on the computer directly.
At least two researchers have found a loader that downloads an image from the Imgur image sharing site. The image contains an embedded Parallax executable, which is extracted from the image and executed on the computer.
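A defender can check downloaded image files for this kind of hidden payload. The following Python sketch is an added example, not code from the researchers or from the malware: it assumes the executable is stored unencoded inside the image file's bytes, which the article does not specify, and the function names and sample data are constructed for illustration.

```python
import struct

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PE_SIG = b"PE\x00\x00"

def find_embedded_pe(data: bytes) -> list[int]:
    """Return offsets where a DOS 'MZ' header points at a valid PE signature."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # A DOS header is 0x40 bytes; e_lfanew (offset 0x3C) is the
        # little-endian offset from 'MZ' to the 'PE\0\0' signature.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe = pos + e_lfanew
            # The 0x1000 upper bound is a heuristic to reject random 'MZ' bytes.
            if 0x40 <= e_lfanew <= 0x1000 and data[pe:pe + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def build_sample() -> bytes:
    """Constructed input: PNG magic, filler with a decoy 'MZ', then a stub PE header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # PE header follows the DOS header
    stub = bytes(dos) + PE_SIG + b"\x00" * 20  # header only, no code
    filler = b"IDAT" + b"\x11" * 30 + b"MZ" + b"\x22" * 100
    return PNG_MAGIC + filler + stub

SAMPLE = build_sample()                         # constructed, not a real sample
CLEAN = PNG_MAGIC + b"IDAT" + b"\x33" * 200     # constructed image-like data, no payload

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE), ("clean", CLEAN)):
        offsets = find_embedded_pe(blob)
        verdict = "embedded PE at " + ", ".join(hex(o) for o in offsets) if offsets else "no PE found"
        print(f"{name}: {verdict}")
```

A payload that is encrypted or encoded into the pixel data would not be found by this check.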
The RAT is then copied to another location and executed in other processes.
Once installed, a shortcut is added to the Windows Startup folder so that it runs automatically when a user logs on to the system.
This allows attackers to access the computer whenever they want.
For many of the Parallax samples, the command & control servers are hosted on the free DNS service duckdns.org.
The best way to protect against this kind of malware is to avoid emails from unknown sources. Users should always be very careful not to open suspicious emails and attachments.