
PsiXBot

Posted: April 3, 2019

PsiXBot is a new malware strain that has been under the radar of cybersecurity researchers for over two years. During this time, the PsiXBot malware has undergone many updates that have improved its features and its ability to evade anti-virus software and virtualized malware analysis environments. PsiXBot was first observed when a group of malware researchers noticed a new threat being spread with the help of SmokeLoader, an infamous Trojan downloader that is often used to deploy more dangerous malware to compromised computers. Later on, PsiXBot was spotted in the Spelevo Exploit Kit campaigns, and it seems that the infection vectors used by PsiXBot’s authors are constantly evolving.

Once PsiXBot is successfully installed on a computer, it may immediately establish a connection with the attacker’s command server and transfer basic system information about the compromised computer – architecture, CPU and GPU model, HDD serial number, operating system, anti-virus software and the user’s permissions. After this, the attacker can use remote commands to control all of PsiXBot’s features:

  • Collect passwords from installed Web browsers and the FileZilla FTP client.
  • Monitor the clipboard for wallet addresses related to Bitcoin, Litecoin, Monero, Ripple or Ethereum. If PsiXBot detects a wallet address, it may automatically replace it with one set by the attacker, thereby hijacking potential transactions.
  • Initialize an outdated version of the QuasarRAT, a popular Remote Access Trojan.
  • Log keystrokes and save them in a log file.
  • Initialize a remote desktop connection using an unknown piece of software.
  • Collect Outlook passwords.
  • Scheduler: a module that is used to gain persistence on the compromised computer.
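
The clipboard replacement described in the list above can be spotted from the defender's side by watching for one wallet address being overwritten by a different address of the same currency almost immediately after it was copied. The following is an added example, not code from the original page or from PsiXBot: the address patterns are simplified shape checks, the two-second window is an assumed heuristic, and the clipboard observations are constructed input that a real monitor would collect through the operating system's clipboard API.

```python
import re

# Simplified shape checks only (no checksum validation). These patterns are
# assumptions of this example, not values taken from the malware.
BASE58 = "1-9A-HJ-NP-Za-km-z"
PATTERNS = {
    "bitcoin": re.compile(rf"(?:[13][{BASE58}]{{25,34}}|bc1[02-9ac-hj-np-z]{{39,59}})"),
    "litecoin": re.compile(rf"(?:[LM][{BASE58}]{{26,33}}|ltc1[02-9ac-hj-np-z]{{39,59}})"),
    "monero": re.compile(rf"[48][0-9AB][{BASE58}]{{93}}"),
    "ripple": re.compile(rf"r[{BASE58}]{{24,34}}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(value):
    """Return the currency whose address shape matches value, else None."""
    value = value.strip()
    for name, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return name
    return None

def find_swaps(events, window=2.0):
    """events: time-ordered (seconds, clipboard_text) change observations.
    Flag a change where an address is replaced by a different address of the
    same currency within `window` seconds (assumed heuristic threshold)."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = classify(old)
        same_kind = kind is not None and kind == classify(new)
        if same_kind and old.strip() != new.strip() and t1 - t0 <= window:
            alerts.append({"time": t1, "currency": kind,
                           "copied": old, "replaced_by": new})
    return alerts

# Constructed clipboard history: filler strings with the right shape, not real wallets.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),
    (10.3, ETH_B),   # replaced 0.3 s after the copy: flagged
    (60.0, BTC_A),
    (95.0, BTC_B),   # 35 s later: treated as an ordinary second copy
    (96.0, "hello"),
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```
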

Due to the PsiXBot’s features, the victims may never know that their computers have been compromised. The only way to ensure that the PsiXBot is not running on your computer is to make sure that it is protected by a regularly updated anti-malware program.
