BlackBerry Cylance researchers have recently discovered a previously unnamed Python RAT we’re calling PyXie. PyXie has been observed in the wild since at least 2018 without much attention from the cybersecurity industry.
PyXie has been deployed in an ongoing campaign that targets a wide range of industries. It has been seen in conjunction with Cobalt Strike beacons as well as a downloader that has similarities to the Shifu banking Trojan. Analysts have observed evidence of the threat actors attempting to deliver ransomware to the healthcare and education industries with PyXie.
BlackBerry Cylance has conducted multiple incident response (IR) engagements in which PyXie was identified on hosts in the victim environment.
Source: BlackBerry Cylance