A TROJAN NAMED PyXie

When you think of Tetris, you probably recall hours spent with the ever-popular block-matching puzzle game on your Game Boy. What you will not recall is a Trojan that hides behind that same game and whose purpose is stealing credentials and delivering ransomware!

…meet PyXie!

PyXie is a custom-built, Python-based Trojan, more precisely a remote access trojan (RAT). It is aptly named because its Python files carry a ".pyx" file extension instead of the normal ".pyc" extension associated with the Python ecosystem. It was this anomaly that enticed BlackBerry researchers to dig deeper and uncover a previously undocumented Python RAT, which they dubbed "PyXie". The Trojan is a highly customisable menace with advanced capabilities, including web injection, key-logging and credential harvesting, and the hacking group behind it has used it specifically to target the healthcare and education sectors.
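The extension anomaly is also something a defender can hunt for. The script below is an added example written for this article, not code from BlackBerry's report or from the malware itself, and every file it scans is constructed inline. It assumes that a genuine ".pyx" file is Cython source text (which is what the extension normally means), so it flags any ".pyx" that instead begins with a CPython bytecode header (the 4-byte magic number always ends in "\r\n", followed by zero-filled header fields) or otherwise contains binary data. The directory layout, file names and helper names are hypothetical.

```python
import importlib.util
import tempfile
from pathlib import Path

# Constructed fixture contents for the demo; none of these are real PyXie samples.
GENUINE_CYTHON_SOURCE = (
    b"# cython: language_level=3\n"
    b"cdef int add(int a, int b):\n"
    b"    return a + b\n"
)
# A CPython .pyc-style header: 4-byte magic (ends in \r\n) plus zeroed header
# fields, followed by a few arbitrary bytes standing in for a marshalled code object.
RELABELLED_BYTECODE = importlib.util.MAGIC_NUMBER + b"\x00" * 12 + b"\xe3\x00\x00\x00\x00"
# An executable-looking header (MZ) renamed to .pyx: not bytecode, but clearly not source.
OPAQUE_BINARY = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"

# Control bytes that legitimately appear in source text (tab, LF, CR, form feed).
_TEXT_CONTROLS = {0x09, 0x0A, 0x0D, 0x0C}


def _looks_like_text(chunk: bytes) -> bool:
    """Byte-level check that avoids UTF-8 boundary issues: any other C0 control byte
    (including NUL) marks the chunk as binary."""
    return all(b >= 0x20 or b in _TEXT_CONTROLS for b in chunk)


def classify_pyx(data: bytes) -> str:
    """Return 'bytecode', 'binary' or 'source' for the leading bytes of a .pyx file."""
    head = data[:16]
    # CPython magic numbers are two version bytes followed by b"\r\n"; the header
    # fields after it (flags, mtime/hash, size) always contain NUL bytes.
    if len(head) >= 16 and head[2:4] == b"\r\n" and b"\x00" in head[4:16]:
        return "bytecode"
    if not _looks_like_text(data[:512]):
        return "binary"
    return "source"


def scan_for_relabelled_pyx(root) -> list[tuple[str, str]]:
    """Walk a tree and report every .pyx whose content is not Cython source text."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*.pyx")):
        with path.open("rb") as fh:
            kind = classify_pyx(fh.read(4096))
        if kind != "source":
            findings.append((path.relative_to(root).as_posix(), kind))
    return findings


def build_fixture(root) -> None:
    """Create a hypothetical project tree mixing genuine and relabelled .pyx files."""
    ext = Path(root) / "ext"
    ext.mkdir(parents=True, exist_ok=True)
    (ext / "fastmath.pyx").write_bytes(GENUINE_CYTHON_SOURCE)   # legitimate Cython module
    (ext / "loader.pyx").write_bytes(RELABELLED_BYTECODE)       # .pyc renamed to .pyx
    (ext / "stage2.pyx").write_bytes(OPAQUE_BINARY)             # opaque blob named .pyx
    (ext / "real_module.pyc").write_bytes(RELABELLED_BYTECODE)  # .pyc is expected, not scanned


def demo() -> list[tuple[str, str]]:
    """Build the fixture in a temporary directory and return the scanner's findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_fixture(tmp)
        return scan_for_relabelled_pyx(tmp)


if __name__ == "__main__":
    for rel_path, kind in demo():
        print(f"{rel_path}: {kind}")
```

Only the two relabelled files are reported; the genuine Cython module is left alone, which matters on developer machines where ".pyx" sources are normal. The header check is a heuristic: an attacker who rewrites the magic bytes will slip past the "bytecode" branch, but the file still trips the "binary" branch because compiled Python is never plain text, so the cheap signal survives. Treat a hit as a triage lead for a closer look, not as a verdict.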

“…Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.”

Ryan Tracey, a Senior threat researcher, BlackBerry Cylance

The hacking group used Cobalt Strike, a legitimate commercial penetration-testing tool, to build out this vindictive infection. The Tetris game was the unfortunate victim in this scenario: its popularity served as cover for the hackers' dark endeavour. It worked like this. Once the game has been downloaded, the trojanised Tetris application executes Cobalt Strike binaries, which escalate privileges and establish persistence on the victim's computer. In the next phase the malware uses a downloader stage known as Cobalt Mode to connect to the command and control server and fetch the final payload. That payload brings the key-logging, cookie theft, credential harvesting and video recording functions that make PyXie a very powerful and vindictive Trojan horse, one that, if left alone, could do real damage to the healthcare and education infrastructure it was built to target!

It all goes to show that no file extension is obscure enough to go unnoticed, at least not when you are up against a security software and services company like BlackBerry: you are bound to be exposed!


Michael

BlackBerry aficionado since 2005 ...Painting pages with words is my #BlackBerryThing
