Infosecurity Magazine reports that highly sophisticated tactics have been employed to covertly deliver the newly emergent STX RAT malware in an attempted attack against a financial services firm in February.

Multi-stage scripts that enable privilege escalation and in-memory execution have been utilized to distribute the STX RAT, which not only uses registry-based autorun and COM takeovers to ensure persistence but also harnesses advanced cryptographic techniques to circumvent detection, according to an analysis from eSentire's Threat Response Unit. After ensuring that it is not operating in a virtual environment, STX RAT waits for command server instructions before pilfering browser, FTP client, and cryptocurrency wallet data.

Infection with STX RAT, which could be managed through a hidden virtual desktop, could also enable further payload execution, network tunnel creation, and user input simulations. While the targeted financial services environment has already been contained, organizations have been advised to adopt more robust endpoint defenses and restrict script-based attack exposure amid the RAT's ongoing development.
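As an added defender-side example (not code from the article or from eSentire's analysis), the following Python audit flags the two persistence patterns the report names: Run-key autoruns that launch a script host, and per-user COM InprocServer32 entries that shadow a machine-wide CLSID. The registry values, CLSIDs and paths are constructed sample data, not indicators from the STX RAT case.

```python
import re

# Constructed sample of registry values as (hive, key, value_name, data), in the
# shape a REG export or offline hive parser would yield. Placeholder CLSIDs/paths.
SAMPLE_VALUES = [
    ("HKLM", r"SOFTWARE\Classes\CLSID\{CLSID-A}\InprocServer32", "", r"C:\Windows\System32\legit.dll"),
    ("HKCU", r"Software\Classes\CLSID\{CLSID-A}\InprocServer32", "", r"C:\Users\u\AppData\Roaming\x\override.dll"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run", "Updater", r"wscript.exe //B C:\Users\u\AppData\Local\Temp\u.js"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive", r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("HKLM", r"SOFTWARE\Classes\CLSID\{CLSID-B}\InprocServer32", "", r"C:\Windows\System32\other.dll"),
]

# Script hosts commonly abused by script-based loaders; tune to your environment.
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript|powershell|pwsh|mshta|regsvr32|rundll32)(\.exe)?\b", re.I)
# Locations a standard user can write to, where a hijacked COM server DLL often lives.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.I)
CLSID_RE = re.compile(r"Classes\\CLSID\\(\{[^}]+\})\\InprocServer32$", re.I)


def find_persistence_indicators(values):
    """Return (rule, hive, key, name_or_clsid, data) tuples for suspicious entries."""
    findings = []
    # Pass 1: machine-wide (HKLM) COM server registrations, keyed by CLSID.
    machine_servers = {}
    for hive, key, name, data in values:
        m = CLSID_RE.search(key)
        if m and hive == "HKLM" and name == "":
            machine_servers[m.group(1).lower()] = data
    # Pass 2: Run-key autoruns using a script host, and HKCU COM overrides.
    for hive, key, name, data in values:
        if key.lower().endswith(("\\run", "\\runonce")) and SCRIPT_HOSTS.search(data):
            findings.append(("run-key-script-host", hive, key, name, data))
        m = CLSID_RE.search(key)
        if m and hive == "HKCU" and name == "":
            clsid = m.group(1).lower()
            # HKCU\Software\Classes is consulted before HKLM, so a differing
            # per-user server path silently replaces the legitimate DLL.
            if clsid in machine_servers and machine_servers[clsid].lower() != data.lower():
                findings.append(("com-hijack-user-override", hive, key, clsid, data))
            elif USER_WRITABLE.search(data):
                findings.append(("com-user-writable-server", hive, key, clsid, data))
    return findings


if __name__ == "__main__":
    for f in find_persistence_indicators(SAMPLE_VALUES):
        print(*f, sep=" | ")
```

Feed it values collected from live hives or forensic images instead of the sample list; the OneDrive entry shows that ordinary AppData autoruns are not flagged unless a script host is involved.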