Parallax: The New RAT on the Block (Mar 18, 2020)
Parallax is a recently discovered remote access trojan (RAT) that supports all Windows operating system (OS) versions. It has been linked to several campaigns leveraging the coronavirus pandemic and is capable of evading advanced detection solutions, stealing credentials and executing remote commands. Researchers at Morphisec Labs have seen it distributed in spearphishing campaigns via a malicious Word document that downloads the Parallax payload. The payload itself is downloaded from Pastebin.
Recommendation: Since Parallax’s main method of initial compromise is spearphishing, education is the best defense for individuals and employers. Inform your employees about what to expect when managers and colleagues request information. Employees should also know whom to contact when they suspect they are the target of a possible spearphishing attack. Ensure that your company's firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network. Doing so makes it easier to spot unusual traffic and connections to and from your network and to identify potentially malicious activity.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.